DOCSLIB.ORG

Privacy Enforcement with Data Owner-Defined Policies

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Privacy Enforcement with Data Owner-Defined Policies Privacy Enforcement with Data Owner-defined Policies Dissertation eingereicht von Diplom-Informatiker Thomas Scheffler vorgelegt der Mathematisch-Naturwissenschaftlichen Fakultät der Universität Potsdam zur Erlangung des Akademischen Grades Doktor der Naturwissenschaften – Dr. rer. nat. – angefertigt am Institut für Informatik der Universität Potsdam Professur Betriebssysteme und Verteilte Systeme Potsdam, den 2. September 2013 This work is licensed under a Creative Commons License: Attribution 3.0 To view a copy of this license visit http://creativecommons.org/licenses/by/3.0/ Published online at the Institutional Repository of the University of Potsdam: URL http://opus.kobv.de/ubp/volltexte/2013/6793/ URN urn:nbn:de:kobv:517-opus-67939 http://nbn-resolving.de/urn:nbn:de:kobv:517-opus-67939 Abstract Data privacy continues to be a very important topic, as our dependency on electronic communi- cation maintains its current growth and private data is shared between multiple devices, users and locations. The growing amount and the ubiquitous availability of personal private data increases the likelihood of data misuse, where private data may be used against the privacy preferences of the person that is identified by it and personal information might be revealed. Documented cases of privacy breaches show that misuse of data has multiple causes, malicious intent is only one of them. A substantial number of privacy breaches also occur due to carelessness of data users and disregard of the original privacy requirements for the data. Privacy advocates like Goldberg[2003] and Stytz[2005] have long requested that technical measures should be used for the privacy protection of data in applications and data exchange protocols. Documented data breaches, such as the illegitimate sharing of airline passenger data in open conflict with the agreed privacy policy [Anton, He, and Baumer, 2004], have raised the demand for effective privacy protection. Early privacy protection techniques, such as anonymous email and payment systems that have been developed by Chaum[1981, 1985], focused on data avoidance and anonymous use of ser- vices. They did not take into account that data sharing can not be avoided if people want to participate in electronic communication scenarios that involve social interactions. Many data pri- vacy protagonists still focus their efforts on data avoidance and limiting data collection, while society has moved on. People use social networking platforms, store personal private data online and make private data available to ‘friends’ that participate in the same ‘network’. This leads to a situation where data is shared widely and uncontrollably and in most cases the data owner has no control over the further distribution and use of data that has been submitted to such services. Previous efforts to integrate privacy awareness into data processing workflows have focused on the extension of existing access control frameworks with privacy aware functions [Park and Sandhu, 2004; Sevinç and Basin, 2006] or have analysed specific individual problems such as the expressiveness of policy languages [Karjoth, Schunter, and Herreweghen, 2003; Ashley and Karjoth, 2003]. So far very few implementations of overarching privacy protection mechanisms exist and can be studied to prove their effectiveness for privacy protection. Second level issues that stem from practical application of the implemented mechanisms, such as usability, life-time data management and changes in trustworthiness have received very little attention so far, mainly because they require actual implementations to be studied. This thesis proposes a mechanism for the controlled distribution and use of personal private data that combines existing concepts for the specification, distribution and enforcement of access control policies with novel ideas to build a privacy protection framework with unique properties. Most existing privacy protection schemes silently assume that it is the privilege of the data user to define the contract under which personal private data is released. Such an approach simplifies policy management and policy enforcement for the data user, but leaves the data owner with a binary decision to submit or withhold his or her personal data based on the provided policy. It is also far from clear to the people that are providing personal data, what happens when the data user changes the rules of this contract at a later time. In many cases it was shown that the stated privacy policy amounts to a simple privacy promise, because the legal text of the declaration is not directly tied to reliable practical enforcement. Our framework changes this assumption. We argue that granted rights must be automatically enforceable in order to be effective against carelessness and oversight on the side of the data user. If a privacy policy is agreed, this policy should be valid for all further access to the data. Furthermore, we want to empower the data owner to express his or her privacy preferences though privacy policies that follow the so called Owner-Retained Access Control (ORAC) mechanism. ORAC has been proposed by McCollum, Messing, and Notargiacomo[1990] as an alternate access control mechanism that offers the originator of the data, in our case the data owner, a way to express their own access control policies. A data access rule in our framework is bound to a particular subject, which could be an individual person or an organisation. The permission that is expressed in this rule is not transitive. This means that access rules strictly apply to the named subject in the policy and can not be delegated. The data owner is given control over the release policy for his or her personal data and he or she can set permissions or restrictions according to individually perceived trust values. Such a policy needs to be expressed in a coherent way and must allow the deterministic policy evaluation by different entities. We compared different privacy policy languages and came to the conclusion that the eXtensible Access Control Markup Language (XACML)[XACML-2.0, 2005] offers a rich set of features that can be used for the expression of privacy preferences. Our privacy policies are therefore written as a set of rules in the XACML policy description language. The privacy policy has to be communicated from the data owner to the data user, so that the data user can act accordingly. Our data protection framework augments private data with an ex- plicit privacy policy in order to fulfil this requirement. Data and policy are stored together as a Protected Data Object that follows the Sticky Policy model as defined by Mont, Pearson, and Bramhall[2003] and Karjoth, Schunter, and Waidner[2003]. Data access policies can be refer- enced whenever data access is about to happen – independent of time and location of the access. We developed a unique policy combination approach that takes usability aspects for the creation and maintenance of policies into consideration. Our privacy policy consists of three parts: A default policy provides basic privacy protection if no specific rules have been entered by the data owner. An owner policy part allows the customisation of the default policy by the data owner. A third part of the policy, the so called safety policy, guarantees that the data owner can not specify disadvantageous policies, which, for example, exclude him or her from further access to the private data. We believe that this precaution is necessary, because the creators of the privacy policy are ordinary computer users and not trained privacy policy experts and giving the policy administrator complete control over the policy rule base may also lead to cases where the created rules are erroneous or harmful. The combined evaluation of these three policy-parts yields the necessary access decision. The automatic enforcement of privacy policies is another important building block in our protec- tion framework. We started our work with the development of a client-side protection mechanism that allows the enforcement of data-use restrictions after private data has been released to the data user. The client-side enforcement component for data-use policies is based on a modified Java Security Framework [Scheffler, Geiß, and Schnor, 2008], where XACML privacy policies are translated into corresponding Java permissions that can be automatically enforced by the Java Security Manager. This approach allows the privacy-aware usage of existing Java applications without implementing policy checks in the application itself. Our reference monitor implementa- iv tion uses a modified Java class loader to bind the policy-derived permissions to a loaded class and thereby allows privacy enforcement for individual instances of an application class. After evaluating benefits and drawbacks of the client-side solution we extended our work to also offer data privacy protection for scenarios that require server-side protection mechanisms. A number of usage scenarios today require the processing of sensitive private data by service providers. Prominent examples of such a use case are location-based services. Our approach of policy enforcement through Java permissions requires the re-load of applica- tion classes for different data-sets, because once a Java class is loaded by the class loader, the set of permissions is fixed and can not be adapted. We found that server-side protection mechanisms can not be easily based on the enforcement of Java permissions by the Java Security Framework, because business applications usually follow a tiered architecture that separates different functions such as business logic, data access and data representation. Data access in a tiered business ap- plication is handled by Data Access Objects (DAOs) that might be shared by different services. Reloading a DAO for every data access is not an option. We solved this problem by extending our reference monitor design to use Aspect-oriented Pro- gramming (AOP) and the Java Reflection API to intercept data accesses in existing applications and provide a way to enforce data owner-defined privacy policies for business applications [Schef- fler, Schindler, and Schnor, 2012].
Load more

Recommended publications
  • FAKULT¨AT F¨UR INFORMATIK Architectural Design And
    FAKULTAT¨ FUR¨ INFORMATIK DER TECHNISCHEN UNIVERSITAT¨ MUNCHEN¨ Masterarbeit in Informatik Architectural Design and Implementation of a Web Application for Adaptive Data Models Stefan Bleibinhaus FAKULTAT¨ FUR¨ INFORMATIK DER TECHNISCHEN UNIVERSITAT¨ MUNCHEN¨ Masterarbeit in Informatik Architectural Design and Implementation of a Web Application for Adaptive Data Models Architektur Design und Implementierung einer Web Anwendung fur¨ adaptive Datenmodelle Author: Stefan Bleibinhaus Supervisor: Prof. Florian Matthes Advisor: Matheus Hauder Date: April 15, 2013 Ich versichere, dass ich diese Masterarbeit selbstandig¨ verfasst und nur die angegebenen Quellen und Hilfsmittel verwendet habe. I assure the single handed composition of this master thesis only supported by declared resources. Munchen,¨ den 15. April 2013 Stefan Bleibinhaus Acknowledgments I would like to express my very great appreciation to Prof. Florian Matthes for offering me to write my thesis on such a delightful topic and showing so much interest in my work. I am particularly grateful for the assistance given by Matheus Hauder and his will to support me in my research. vii Abstract This thesis discusses the architectural design and implementation of an Enterprise 2.0 collaboration web application. The designed web application uses the concept of hybrid wikis for enabling business users to capture easily content in structured form. A Hybrid wiki is a wiki, which empowers business users to incrementally structure and classify content objects without the struggle of being enforced to use strict information structures. The emergent information structure in a hybrid wiki evolves in daily use by the interaction with its users. Whenever a user wants to extend the content, the system guides them to automatically structure it by using user interface friendly methods like auto-completion and unobtrusive suggestions based on previous similar content.
    [Show full text]
  • Dynamic Data Access Object Design Pattern (CECIIS 2008)
    Dynamic Data Access Object Design Pattern (CECIIS 2008) Zdravko Roško, Mario Konecki Faculty of Organization and Informatics University of Zagreb Pavlinska 2, 42000 Varaždin, Croatia [email protected], [email protected] Abstract . Business logic application layer accessing 1 Introduction data from any data source (databases, web services, legacy systems, flat files, ERPs, EJBs, CORBA This paper presents a pattern that help to desing the services, and so forth) uses the Dynamic Data Access data access layer for any data source (not just Object which implements the Strategy[1] design relational) such as CICS, JMS/MQ, iSeries, SAP, pattern and hides most of the complexity away from Web Services, and so forth. Dynamic Data Access an application programmer by encapsulating its Object (DDAO) is an implementation of the Strategy dynamic behavior in the base data access class. By design pattern [1] which defines a family of using the data source meta data, it automates most of algorithms, encapsulate each one, and make them the functionality it handles within the application. interchangeable through an interface. Application programmer needs only to implement Having many options available (EJB, Object specific „finder“ functions, while other functions such Relational Mapping, POJO, J2EE DAO, etc.) to use as „create, store, remove, find, removeAll, storeAll, while accessing a data source, including persistent createAll, findAll“ are implemented by the Dynamic storage, legacy data and any other data source, the Data Access Object base class for a specific data main question for development is: what to use to source type.. bridge the business logic layer and the data from a Currently there are many Object Relational data source ? Assuming that the data access code is Mapping products such as Hibernate, iBatis, EJB not coded directly into the business logic layer (Entity CMP containers, TopLink, which are used to bridge Bean, Session Bean, Servlet, JSP Helper class, POJO) objects and relational database.
    [Show full text]
  • Ioc Containers in Spring
    301AA - Advanced Programming Lecturer: Andrea Corradini [email protected] http://pages.di.unipi.it/corradini/ AP-2018-11: Frameworks and Inversion of Control Frameworks and Inversion of Control • Recap: JavaBeans as Components • Frameworks, Component Frameworks and their features • Frameworks vs IDEs • Inversion of Control and Containers • Frameworks vs Libraries • Decoupling Components • Dependency Injection • IoC Containers in Spring 2 Components: a recap A software component is a unit of composition with contractually specified interfaces and explicit context dependencies only. A software component can be deployed independently and is subject to composition by third party. Clemens Szyperski, ECOOP 1996 • Examples: Java Beans, CLR Assemblies • Contractually specified interfaces: events, methods and properties • Explicit context dependencies: serializable, constructor with no argument • Subject to composition: connection to other beans – Using connection oriented programming (event source and listeners/delegates) 3 Towards Component Frameworks • Software Framework: A collection of common code providing generic functionality that can be selectively overridden or specialized by user code providing specific functionality • Application Framework: A software framework used to implement the standard structure of an application for a specific development environment. • Examples: – GUI Frameworks – Web Frameworks – Concurrency Frameworks 4 Examples of Frameworks Web Application Frameworks GUI Toolkits 5 Examples: General Software Frameworks – .NET – Windows platform. Provides language interoperability – Android SDK – Supports development of apps in Java (but does not use a JVM!) – Cocoa – Apple’s native OO API for macOS. Includes C standard library and the Objective-C runtime. – Eclipse – Cross-platform, easily extensible IDE with plugins 6 Examples: GUI Frameworks • Frameworks for Application with GUI – MFC - Microsoft Foundation Class Library.
    [Show full text]
  • Inversion of Control in Spring – Using Annotation
    Inversion of Control in Spring – Using Annotation In this chapter, we will configure Spring beans and the Dependency Injection using annotations. Spring provides support for annotation-based container configuration. We will go through bean management using stereotypical annotations and bean scope using annotations. We will then take a look at an annotation called @Required, which allows us to specify which dependencies are actually required. We will also see annotation-based dependency injections and life cycle annotations. We will use the autowired annotation to wire up dependencies in the same way as we did using XML in the previous chapter. You will then learn how to add dependencies by type and by name. We will also use qualifier to narrow down Dependency Injections. We will also understand how to perform Java-based configuration in Spring. We will then try to listen to and publish events in Spring. We will also see how to reference beans using Spring Expression Language (SpEL), invoke methods using SpEL, and use operators with SpEL. We will then discuss regular expressions using SpEL. Spring provides text message and internationalization, which we will learn to implement in our application. Here's a list of the topics covered in this chapter: • Container configuration using annotations • Java-based configuration in Spring • Event handling in Spring • Text message and internationalization [ 1 ] Inversion of Control in Spring – Using Annotation Container configuration using annotation Container configuration using Spring XML sometimes raises the possibility of delays in application development and maintenance due to size and complexity. To solve this issue, the Spring Framework supports container configuration using annotations without the need of a separate XML definition.
    [Show full text]
  • Data Loader Guide
    Data Loader Guide Version 53.0, Winter ’22 @salesforcedocs Last updated: August 24, 2021 © Copyright 2000–2021 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com, inc., as are other names and marks. Other marks appearing herein may be trademarks of their respective owners. CONTENTS Chapter 1: Data Loader . 1 Chapter 2: When to Use Data Loader . 2 Chapter 3: Installing Data Loader . 3 Install Data Loader on macOS . 4 Install Data Loader on Windows . 5 Considerations for Installing Data Loader . 6 Chapter 4: Configure Data Loader . 8 Data Loader Behavior with Bulk API Enabled . 12 Configure the Data Loader to Use the Bulk API . 12 Chapter 5: Using Data Loader . 13 Data Types Supported by Data Loader . 14 Export Data . 15 Define Data Loader Field Mappings . 17 Insert, Update, or Delete Data Using Data Loader . 17 Perform Mass Updates . 18 Perform Mass Deletes . 19 Upload Attachments . 19 Upload Content with the Data Loader . 20 Review Data Loader Output Files . 21 Data Import Dates . 21 View the Data Loader Log File . 22 Configure the Data Loader Log File . 22 Chapter 6: Running in Batch Mode (Windows Only) . 23 Installed Directories and Files . 24 Encrypt from the Command Line . 24 Upgrade Your Batch Mode Interface . 25 Run Batch File With Windows Command-Line Interface . 25 Configure Batch Processes . 26 Data Loader Process Configuration Parameters . 27 Data Loader Command-Line Operations . 35 Configure Database Access . 36 Spring Framework . 37 Data Access Objects . 38 SQL Configuration . 38 Map Columns . 40 Contents Run Individual Batch Processes . 42 Chapter 7: Command-Line Quick Start (Windows Only) .
    [Show full text]
  • Case Study on Building Data- Centric Microservices
    Case Study on Building Data- Centric Microservices Part I - Getting Started May 26, 2020 | Version 1.0 Copyright © 2020, Oracle and/or its affiliates Public DISCLAIMER This document in any form, software or printed matter, contains proprietary information that is the exclusive property of Oracle. Your access to and use of this confidential material is subject to the terms and conditions of your Oracle software license and service agreement, which has been executed and with which you agree to comply. This document and information contained herein may not be disclosed, copied, reproduced or distributed to anyone outside Oracle without prior written consent of Oracle. This document is not part of your license agreement nor can it be incorporated into any contractual agreement with Oracle or its subsidiaries or affiliates. This document is for informational purposes only and is intended solely to assist you in planning for the implementation and upgrade of the product features described. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described in this document remains at the sole discretion of Oracle. Due to the nature of the product architecture, it may not be possible to safely include all features described in this document without risking significant destabilization of the code. TABLE OF CONTENTS DISCLAIMER INTRODUCTION ARCHITECTURE OVERVIEW Before You Begin Our Canonical Application
    [Show full text]
  • The Spring Framework: an Open Source Java Platform for Developing Robust Java Applications
    International Journal of Innovative Technology and Exploring Engineering (IJITEE) ISSN: 2278-3075, Volume-3 Issue-2, July 2013 The Spring Framework: An Open Source Java Platform for Developing Robust Java Applications Dashrath Mane, Ketaki Chitnis, Namrata Ojha Abstract— The fundamental concepts of Spring Framework is Supported deployment platforms range from standalone presented in this paper.Spring framework is an open source Java applications to Tomcat and Java EE servers such as platform that provides comprehensive infrastructure support for WebSphere. Spring is also a first-class citizen on major developing robust Java applications very easily and very rapidly. cloud platforms with Java support, e.g. on Heroku, Google The Spring Framework is a lightweight solution and a potential App Engine, Amazon Elastic Beanstalk and VMware's one-stop-shop for building your enterprise-ready applications. Cloud Foundry.[1] IndexTerms— Aspect Oriented Programming, Dependency Injection, IoC Container, ORM. II. SPRING FRAMEWORK ARCHITECTURE Spring could potentially be a one-stop shop for all your I. INTRODUCTION enterprise applications; however, Spring is modular, Spring is the most popular application development allowing you to pick and choose which modules are framework for enterprise Java. Millions of developers applicable to you, without having to bring in the rest. around the world use Spring Framework to create high The Spring Framework provides about 20 modules which performing, easily testable, reusable code. Spring can be used based on an application requirement. framework is an open source Java platform and it was initially written by Rod Johnson and was first released under the Apache 2.0 license in June 2003.
    [Show full text]
  • 1 Software Architecture
    Some buzzwords and acronyms for today • Software architecture • Design pattern • Separation of concerns • Single responsibility principle • Keep it simple, stupid (KISS) • Don't repeat yourself (DRY) • Don't talk to strangers (Demeter's law) • Inversion of Control (IoC) • Dependency injection (DI) • Data Access Object (DAO) • Model View Controller (MVC) • Hollywood principle • Encapsulation • High cohesion, loose coupling 1 Software Architecture What is a software architecture? The software architecture of a program or computing system is the structure or structures of the system, which comprise software elements, the externally visible properties of those elements, and the relationships among them. Ar- chitecture is concerned with the public side of interfaces; private details of elements|details having to do solely with internal implementation{ are not architectural. • Bass, Clements, and Kazman Software Architecture in Practice (2nd edition) 1 Architecture Component design Changes slowly Rapid change through refactoring Influences the whole system Specific for the component Architectural styles Design patterns Software architecture Architecture describes the overall structure of a software system. Good architecture enables smooth evolution of the system. It must take into account things like • Deployment environment, • Platform and technology specifics, • Expected system scope. Architecture design principles Standard design principles also apply to system-wide architecture, i.e. • Separation of concerns, • Single responsibility principle,
    [Show full text]
  • DAO Dispatcher Pattern: a Robust Design of the Data Access Layer
    PATTERNS 2013 : The FIfth International Conferences on Pervasive Patterns and Applications DAO Dispatcher Pattern: A Robust Design of the Data Access Layer Pavel Micka Zdenek Kouba Faculty of Electrical Engineering Faculty of Electrical Engineering Czech Technical University in Prague Czech Technical University in Prague Technicka 2, Prague, Czech Republic Technicka 2, Prague, Czech Republic [email protected] [email protected] Abstract—Designing modern software has to respect the nec- Such frameworks help to separate the principal concern of essary requirement of easy maintainability of the software in business objects behavior (business logic) from the infrastruc- the future. The structure of the developed software must be tural concern of how business object’s data is retrieved/stored logical and easy to comprehend. This is why software designers from/to the database and make business objects free from this tend to reusing well-established software design patterns. This infrastructural aspect by delegating it to specialized data access paper deals with a novel design pattern aimed at accessing data objects (DAO). Thus, DAOs intermediate information ex- typically stored in a database. Data access is a cornerstone of all modern enterprise computer systems. Hence, it is crucial to change between business objects and the database. To facilitate design it with many aspects in mind – testability, reusability, the replacement of the particular mapping technology and to replaceability and many others. Not respecting these principles encapsulate database queries, data access objects layer pattern may cause defective architecture of the upper layer of the product, was devised. There are many possible implementations that or even make it impossible to deliver the product in time and/or differ mainly in their reusability, testability, architecture/design in required quality.
    [Show full text]
  • Java Enterprise Edition (JEE) “Core Design Patterns” JEE Core Design Patterns
    Java Enterprise Edition (JEE) ªCore Design Patternsº JEE Core Design Patterns Presentation Business Integration Tier Tier Tier Intercepting Filter Business Delegate Data Access Object Front Controller Service Locator Service Activator Context Object Session Facade Domain Store App Controller Application Service Web Service Broker View Helper Business Object Composite View Composite Entity Service to Worker Transfer Object Dispatcher View TO Assembler Value List Handler Front Controller Intent ● provide a single point for processing user requests http://java.sun.com/blueprints/corej2eepatterns/Patterns/FrontController.html Front Controller Motivation ● single processing point for all client requests – across views & session – can be used to inject cross-cutting concerns ● logging ● security ● separation of business code from presentation code ● provides logical resource mapping – http://server/resource.jsp – http://server/servlet/resourceController – actually we can map multiple requests to the same controller Front Controller Motivation ● reusability & organic growth – controllers can be specialized (sub-classing) – dynamically or declaratively mapped – what is declarative mapping – why do we care? Intercepting Filter Intent ● preprocessing & post processing of user requests http://java.sun.com/blueprints/corej2eepatterns/Patterns/InterceptingFilter.html Intercepting Filter Filter chain request request request controller filter1 filter2 response response response How is this different from pipes & filters? Intercepting Filter Motivation
    [Show full text]
  • Chapter 3 – Design Patterns: Model-View- Controller
    SOFTWARE ARCHITECTURES Chapter 3 – Design Patterns: Model-View- Controller Martin Mugisha Brief History Smalltalk programmers developed the concept of Model-View-Controllers, like most other software engineering concepts. These programmers were gathered at the Learning Research Group (LRG) of Xerox PARC based in Palo Alto, California. This group included Alan Kay, Dan Ingalls and Red Kaehler among others. C language which was developed at Bell Labs was already out there and thus they were a few design standards in place[ 1] . The arrival of Smalltalk would however change all these standards and set the future tone for programming. This language is where the concept of Model-View- Controller first emerged. However, Ted Kaehler is the one most credited for this design pattern. He had a paper in 1978 titled ‘A note on DynaBook requirements’. The first name however for it was not MVC but ‘Thing-Model-View-Set’. The aim of the MVC pattern was to mediate the way the user could interact with the software[ 1] . This pattern has been greatly accredited with the later development of modern Graphical User Interfaces(GUI). Without Kaehler, and his MVC, we would have still been using terminal to input our commands. Introduction Model-View-Controller is an architectural pattern that is used for implementing user interfaces. Software is divided into three inter connected parts. These are the Model, View, and Controller. These inter connection is aimed to separate internal representation of information from the way it is presented to accepted users[ 2] . fig 1 SOFTWARE ARCHITECTURES As shown in fig 1, the MVC has three components that interact to show us our unique information.
    [Show full text]
  • Inversion of Control
    Inversion of Control Name: ID: These questions do not have a formal, definitive answer. They are meant to be food for thoughts. Feel free to seek answers on browsing the Internet, talking to other software developers or reading books. Today we will be going over some good practices of software development. In particular, we will answer some questions about the Single Responsibility Principle, and about Inversion of Control. In order to reach these concepts, we will develop a small server, that returns the grade of students, over a socket connection. 1. Given that we will be using sockets to implement communication, let's start with the basic: \what is a socket?" question... 2. Students will be represented by the class below. public class Student implements Serializable private static final long serialVersionUID = 1L; public final String name; public final double grade; public final long key; public Student(long key, String name, double grade) this.name = name; this.grade = grade; this.key = key; public String toString() return name + "" + "(" + key + "): " + grade; Notice that it implements the Serializable interface. Why? 3. Information about the students will be stored remotely, and we will access it through a pattern called Data Access Object (DAO). The interface of our DAO is given below. public interface DAO<K, V> V get(K key); void add(K key, V value); void delete(K key); void update(K key, V value); What is a DAO, and what is the advantage of using it? 1 4. On the server side, we will have a database, that has a very simple implementation: our database is just a table that associates numbers to instances of the Student class.
    [Show full text]