The ability of individuals to freely access the Internet from computers or workstations poses fundamental problems for current state-of-the-art computer systems. It is now possible to access data and programs from all over the world simply by opening a web page. Programs and Java™ or ActiveX™ code derived from unknown sources represent a tremendous network management and security problem for users and information systems (IS) managers. Code obtained from diverse and uncontrolled sources may violate the security and management service rules of the network on which it is executed.
On conventional systems, the execution of a program on a computer is governed only by the system services that are native to that computer. Consequently, networks of conventional systems face problems of scalability, manageability, integrity, and performance. First, each conventional computer needs to have sufficient resources to support locally executing system services such as security, resource control, program monitoring, and task management. As a result, current systems place high resource demands on their client computers. Second, heterogeneous networks of conventional systems are hard to manage and administer, because there is no central point of control and it is difficult to establish uniform interfaces for remote management. Third, native services that are performed locally on client computers are vulnerable to security attacks and require that all client computers within a network be physically and virtually secured, which is a difficult and costly undertaking. Finally, executing services locally on client computers exacts a performance cost from the clients.
Clearly, a technique that provides greater latitude in controlling and managing software components and the behavior of applications within a network would provide a valuable advance over the current state of the art. This capability should be applicable to executable code that comes from both known and unknown sites. The method that is used should preferably examine any program as it enters the environment and before it is executed, breaking the application down into its constituent components. Those components should then be rewritten as necessary so that when the application is executed, it conforms to the security and management policy rules of the site. The management policies that might be implemented in a rewritten application can include, for example, performance tracking, usage metering, and revocable authorization to access services or other elements of the computer or network. Moreover, the rewriting of the application components must be accomplished without altering the overall functionality of the program.
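The rewrite-before-execution idea described above, as an added sketch that is not part of the original text: it works on Python source through the `ast` module rather than on Java or ActiveX code, and the names `net_send`, `Monitor`, `PolicyRewriter`, `__monitor__` and `load_under_policy` are hypothetical. Calls to site services are redirected through a monitor that meters usage and holds a revocable authorization, while the program's own logic is left unchanged.

```python
import ast

def net_send(payload):
    """Hypothetical site service; stands in for a network call."""
    return len(payload)

class Monitor:
    """Policy point: owns the services, meters calls, checks authorization."""
    def __init__(self, services, allowed):
        self.services = dict(services)
        self.allowed = set(allowed)   # revocable authorizations
        self.usage = {}               # usage metering, one counter per service
    def revoke(self, name):
        self.allowed.discard(name)
    def __call__(self, name, *args, **kwargs):
        self.usage[name] = self.usage.get(name, 0) + 1
        if name not in self.allowed:
            raise PermissionError(f"site policy denies {name}")
        return self.services[name](*args, **kwargs)

class PolicyRewriter(ast.NodeTransformer):
    """Rewrite service(args) into __monitor__("service", args)."""
    def __init__(self, guarded):
        self.guarded = set(guarded)
    def visit_Call(self, node):
        self.generic_visit(node)      # rewrite nested calls first
        if isinstance(node.func, ast.Name) and node.func.id in self.guarded:
            return ast.Call(
                func=ast.Name(id="__monitor__", ctx=ast.Load()),
                args=[ast.Constant(value=node.func.id), *node.args],
                keywords=node.keywords)
        return node

def load_under_policy(source, monitor):
    """Parse incoming code, rewrite it, then execute the rewritten form."""
    tree = PolicyRewriter(monitor.services).visit(ast.parse(source))
    ast.fix_missing_locations(tree)
    # The raw services are never placed in the namespace, only the monitor.
    namespace = {"__monitor__": monitor}
    exec(compile(tree, "<rewritten>", "exec"), namespace)
    return namespace

# Constructed sample of code arriving from an unknown source.
UNTRUSTED = """
def upload(data):
    return net_send(data.upper())
"""
```

Because the namespace holds only the monitor, a reference to `net_send` that is not a direct call fails with `NameError` instead of reaching the raw service; Python builtins remain available to the loaded code and are outside what this sketch controls.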
There is another important use for a technique that enables programs entering an environment to be observed, controlled, and managed prior to their execution. This technique can also be employed to retarget a program that has been developed for one machine (virtual or actual) architecture, so that the program runs on an entirely different machine architecture. Ideally, the translation and retargeting should be capable of implementation in a batch mode and be implemented with little or no user interaction. Such translation and retargeting are likely to become increasingly important to the computing world, to accommodate the ever-increasing diversity of networks and machine architectures.
The techniques to accomplish the above-described functions are currently unavailable in the prior art. Accordingly, there is a clear need to develop and implement such capabilities, which has led to the present invention being developed.