Abstract
Large, distributed applications play an increasingly central role in today’s IT environment. The diversity and openness of these systems have given rise to questions of trust and security. It is the aim of the project Secure TINA to examine exactly these questions and try to find possible solutions. The focus lies on OMG’s Common Object Request Broker Architecture (CORBA) as a basis technology for developing distributed systems and on the Security Service specified for it, since this seems to be the most promising technology in the field. The followed approach is thereby twofold. At first, a thorough analysis of the specification itself and known implementations thereof is performed, based also on experiences in the broader area of distributed systems security. At a second, more practical stage, the attempt to develop an own, prototypical implementation of CORBA Security is undertaken, with the main objective of gaining as much practical experience as possible and experimenting with possible alternatives to find a solution to the problems encountered.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Adiron. Orbasec SL2 and Control, http://www.adiron.com, 2000.
Bob Blakley. CORBA Security: An Introduction to Safe Computing with Objects. Addison Wesley, 2000.
Joris Ciaessens. A Secure European System for Applications in a Multi-vendor Environment. https://www.cosic.esat.kuleuven.ac.be/sesame/, 2000.
DSTC. Public Key Infrastructure RFP. ftp://ftp.omg.org/pub/docs/ec/99-12-03.pdf, 2000.
Dieter Gollmann. Computer Security. Wiley, 1999.
Michi Henning and Steve Vinoski. Advanced CORBA Programming with C++. Addison Wesley, 1999.
ISO. Iso 10181-4: Information Technology-Security Frameworks for open Systems: Non-repudiation Framework, 04 1997.
Fred Kuhns, Carlos O’Ryan, Douglas C. Schmidt, and Jeff Parsons. The Design and Performance of a Pluggable Protocols Framework for Object Request Broker Middleware, http://www.cs.wustl.edu/ schmidt/PfHSN.ps.gz, 1999.
Ulrich Lang. Distributed Access Control, http://www.cl.cam.ac.uk/ ul201/proposal.pdf, 1999.
Martine Lapierre. TINA. Prentice Hall Europe (Academic), 1998.
Object Management Group. CORBA/IIOP 2.3.1 specification. http://sisyphus.omg.org/technology/documents/corba2formal.htm, 1999.
Object Management Group. Website. http://www.omg.org/, 2000.
OMG. Common Secure Interoperability V2 RFP. http://www.omg.org/ /techprocess/meetings/schedule/Common_SecureJnterop._V2_RFP.html, 2000.
OMG. Corba Security Service Specification v1.7 (Draft). ftp://ftp.omg.org/pub/docs/security/99-12-02.pdf, 2000.
OMG. Joint Revised Submission CORBA/Firewall Security. ftp://ftp.omg.org/pub/docs/orbos/98-05-04.pdf, 2000.
OMG. Portable Interceptors RFP. http://www.omg.org/techprocess/meetings/schedule/Portable-InterceptorsJRFP.html, 2000.
OMG. Security Domain Membership RFP. http://www.omg.org/ /techprocess/meetings/schedule/Security_Domain_Membership_RFP.html, 2000.
Opengroup. DCE Portal. http://www.opennc.org/dce/, 2000.
Arno Puder and Kay Römer. MICO: An Open Source CORBA Implementation. Morgan Kaufmann Publishers, 2000.
Arno Puder. Mico for the Palmpilot. http://www.mico.org/pilot/index.html, 2000.
Rudolf Schreiner. Open Source Software Security, http://www.technosec.com/ /whitepapers/open-source/open-source-security.html, 2000.
Rudolf Schreiner. Sicherheitsbedürfnis. iX-Magazin für professionelle Informationstechnik, page 14, June 2000.
John Viega, J.T. Bloch, Tadayoshi Kohno, and Gary McGraw. ITS4: A Static Vulnerability Scanner for C and C++ Code, ftp://ftp.rstcorp.com/pub/papers/its4.pdf 2000.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2000 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Alireza, A., Lang, U., Padelis, M., Schreiner, R., Schumacher, M. (2000). The Challenges of CORBA Security. In: Schumacher, M., Steinmetz, R. (eds) Sicherheit in Netzen und Medienströmen. Informatik aktuell. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-58346-9_6
Download citation
DOI: https://doi.org/10.1007/978-3-642-58346-9_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-67926-4
Online ISBN: 978-3-642-58346-9
eBook Packages: Springer Book Archive