Skip to main content
SpringerLink
Log in

The Challenges of CORBA Security

  • Conference paper
Sicherheit in Netzen und Medienströmen

Part of the book series: Informatik aktuell ((INFORMAT))

Abstract

Large, distributed applications play an increasingly central role in today’s IT environment. The diversity and openness of these systems have given rise to questions of trust and security. It is the aim of the project Secure TINA to examine exactly these questions and try to find possible solutions. The focus lies on OMG’s Common Object Request Broker Architecture (CORBA) as a basis technology for developing distributed systems and on the Security Service specified for it, since this seems to be the most promising technology in the field. The followed approach is thereby twofold. At first, a thorough analysis of the specification itself and known implementations thereof is performed, based also on experiences in the broader area of distributed systems security. At a second, more practical stage, the attempt to develop an own, prototypical implementation of CORBA Security is undertaken, with the main objective of gaining as much practical experience as possible and experimenting with possible alternatives to find a solution to the problems encountered.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 54.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Adiron. Orbasec SL2 and Control, http://www.adiron.com, 2000.

    Google Scholar 

  2. Bob Blakley. CORBA Security: An Introduction to Safe Computing with Objects. Addison Wesley, 2000.

    Google Scholar 

  3. Joris Ciaessens. A Secure European System for Applications in a Multi-vendor Environment. https://www.cosic.esat.kuleuven.ac.be/sesame/, 2000.

    Google Scholar 

  4. DSTC. Public Key Infrastructure RFP. ftp://ftp.omg.org/pub/docs/ec/99-12-03.pdf, 2000.

    Google Scholar 

  5. Dieter Gollmann. Computer Security. Wiley, 1999.

    Google Scholar 

  6. Michi Henning and Steve Vinoski. Advanced CORBA Programming with C++. Addison Wesley, 1999.

    Google Scholar 

  7. ISO. Iso 10181-4: Information Technology-Security Frameworks for open Systems: Non-repudiation Framework, 04 1997.

    Google Scholar 

  8. Fred Kuhns, Carlos O’Ryan, Douglas C. Schmidt, and Jeff Parsons. The Design and Performance of a Pluggable Protocols Framework for Object Request Broker Middleware, http://www.cs.wustl.edu/ schmidt/PfHSN.ps.gz, 1999.

    Google Scholar 

  9. Ulrich Lang. Distributed Access Control, http://www.cl.cam.ac.uk/ ul201/proposal.pdf, 1999.

    Google Scholar 

  10. Martine Lapierre. TINA. Prentice Hall Europe (Academic), 1998.

    Google Scholar 

  11. Object Management Group. CORBA/IIOP 2.3.1 specification. http://sisyphus.omg.org/technology/documents/corba2formal.htm, 1999.

    Google Scholar 

  12. Object Management Group. Website. http://www.omg.org/, 2000.

    Google Scholar 

  13. OMG. Common Secure Interoperability V2 RFP. http://www.omg.org/ /techprocess/meetings/schedule/Common_SecureJnterop._V2_RFP.html, 2000.

    Google Scholar 

  14. OMG. Corba Security Service Specification v1.7 (Draft). ftp://ftp.omg.org/pub/docs/security/99-12-02.pdf, 2000.

    Google Scholar 

  15. OMG. Joint Revised Submission CORBA/Firewall Security. ftp://ftp.omg.org/pub/docs/orbos/98-05-04.pdf, 2000.

    Google Scholar 

  16. OMG. Portable Interceptors RFP. http://www.omg.org/techprocess/meetings/schedule/Portable-InterceptorsJRFP.html, 2000.

    Google Scholar 

  17. OMG. Security Domain Membership RFP. http://www.omg.org/ /techprocess/meetings/schedule/Security_Domain_Membership_RFP.html, 2000.

    Google Scholar 

  18. Opengroup. DCE Portal. http://www.opennc.org/dce/, 2000.

    Google Scholar 

  19. Arno Puder and Kay Römer. MICO: An Open Source CORBA Implementation. Morgan Kaufmann Publishers, 2000.

    Google Scholar 

  20. Arno Puder. Mico for the Palmpilot. http://www.mico.org/pilot/index.html, 2000.

    Google Scholar 

  21. Rudolf Schreiner. Open Source Software Security, http://www.technosec.com/ /whitepapers/open-source/open-source-security.html, 2000.

    Google Scholar 

  22. Rudolf Schreiner. Sicherheitsbedürfnis. iX-Magazin für professionelle Informationstechnik, page 14, June 2000.

    Google Scholar 

  23. John Viega, J.T. Bloch, Tadayoshi Kohno, and Gary McGraw. ITS4: A Static Vulnerability Scanner for C and C++ Code, ftp://ftp.rstcorp.com/pub/papers/its4.pdf 2000.

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. T-Nova Deutsche Telekom Innovationsgesellschaft mbH — Technologiezentrum, Germany

    A. Alireza

  2. University of Cambridge, UK

    U. Lang

  3. technoSec Ltd., UK

    U. Lang & R. Schreiner

  4. Darmstadt University of Technology, Germany

    M. Padelis & M. Schumacher

Authors
  1. A. Alireza
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. U. Lang
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. M. Padelis
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. R. Schreiner
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. M. Schumacher
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Informationstechnologie Transfer Office, Fachbereich 20, Informatik, Technische Universität Darmstadt, Wilhelminenstr. 7, 64283, Darmstadt, Deutschland

    Markus Schumacher

  2. Industrielle Prozess- und Systemkommunikation KOM, Fachbereich 18, Elektrotechnik und Informationstechnik, Technische Universität Darmstadt, Merckstr. 25, 64283, Darmstadt, Deutschland

    Ralf Steinmetz

Rights and permissions

Reprints and permissions

Copyright information

© 2000 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alireza, A., Lang, U., Padelis, M., Schreiner, R., Schumacher, M. (2000). The Challenges of CORBA Security. In: Schumacher, M., Steinmetz, R. (eds) Sicherheit in Netzen und Medienströmen. Informatik aktuell. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-58346-9_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-58346-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-67926-4

  • Online ISBN: 978-3-642-58346-9

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation