Scale and Invasiveness of Flask Code

Table: ``Filtered'' source code size for various Flask components and the number of discrete locations in the base Fluke code that were modified. This count of source code lines filters out comments, blank lines, preprocessor directives, and punctuation-only lines, and typically is 1/4 to 1/2 the size of unfiltered code. The network server count includes the ISAKMP and IPSEC distributions, counting as modifications all Flask-specific changes to them and the base Fluke network component.
Component Fluke LOC +Flask %Incr. #Locs. %Locs.
Kernel 9271 1795 19.3 258 2.4
FFS 21802 1342 6.2 14 .06
Proc. Mgr 925 196 21.2 85 9.2
Net Server 24549 1071 4.4 224 9.1
Total 58435 4575 7.8 647 1.1

In Table 7 we present data that give a rough estimate of the scale and complexity of adding fine-grained security enforcement to the base Fluke components. Overall, the Fluke components increased in size less than 8%. Although the kernel increased the most at 19%, for large object managers the percentage is reassuringly small (4-6%). Of these modifications, we examined the magnitude of changes involved by classifying each changed location as ``trivial'' changes (e.g., one-line changes, #define changes, name or parameter changes, etc.) or ``non-trivial.'' For the process manager, 57% of the changes fell into the trivial category. For the kernel, a similar percentage of the changes were trivial, 61%, despite the fact that the kernel is an order of magnitude larger and more complicated than the process manager.

The changes required to implement the Flask security architecture did not involve any modifications to the existing Fluke API. Extended calls were added to the existing API to permit security-aware applications to use the additional security functionality, such as the client and server identification support. All applications that run on the base Fluke system can be executed unchanged on Flask.