Abstract
We observe the recent research trend toward large-scale, component-based distributed systems that are dynamically configurable or extensible in response to changing execution environments or end-user needs. Regardless of whether these configuration changes happen automatically through predefined adaptation or self-management methods or in response to explicit user interaction, they can jeopardize the integrity of application components. Moreover, they can cause unexpected effects in system performance or even lead to disputes about middleware or application providers' responsibilities for failures experienced by end users. This paper introduces Reverb, a set of middleware abstractions and mechanisms that can be used to: (1) audit configuration actions; (2) impose controls on permissible actions; and (3) control which principals are permitted to carry out configurations. To evaluate Reverb, it has been integrated into middleware used in the high performance domain. The intent of this integration is to not only demonstrate its viability and utility, but also to show that Reverb-based configuration control has little effect on the performance of the distributed applications or middleware that use it. Experimental results attained with Reverb-enabled middleware used with resource-constrained pervasive applications demonstrate the small performance impact of Reverb's rich new functionality.