Journal of Network and Systems Management, Volume 13, Issue 3, pp 309–328

Mandatory and Discretionary Policies for CORBA Security



This paper proposes extending the CORBA (Common Object Request Broker Architecture) security model to support mandatory policies and policy management in distributed applications. Mandatory policies and a policy service were proposed for inclusion in the JaCoWeb Project, which is developing an authorization scheme for large-scale networks based on CORBA security standards. The paper combines client-side and server-side access control within a single domain. Our mandatory control is enforced at the ORB (Object Request Broker) level on the client side: for an unauthorized access, it prevents the corresponding request from being sent, the associated processing on the server, and the generation of new requests through that unauthorized processing. The paper also proposes security management operations not currently included in the OMG standards, and it presents implementation results and an evaluation of those results based on the Common Criteria.


Security policies; authorization; CORBAsec; security evaluation; common criteria





Copyright information

© Springer Science + Business Media, Inc. 2005

Authors and Affiliations

  • Carla Merkle Westphall (1)
  • Joni da Silva Fraga (2)
  1. Network and Management Laboratory (LRG), Post-Graduate Program in Computer Science (PPGCC), Technological Center (CTC), Federal University of Santa Catarina (UFSC), Florianópolis, Brazil
  2. Department of Automation and Systems, Post-Graduate Program in Electrical Engineering, Federal University of Santa Catarina, Florianópolis, Brazil
