Integrating security in CORBA based object architectures

We propose a distributed security architecture for incorporation into object-oriented distributed computing systems, and in particular, into OMG's CORBA-based object architectures. The primary objective of the security architecture is to make CORBA resilient to both component failures and malicious attacks. The core of the architecture is the notion of a secure ORB node: an ORB node enhanced with "pluggable" system security objects interacting through generic security service APIs. System security objects, coupled with protocols among them, facilitate creation and management of clients, objects, and security information. Security services addressed in the paper include, but are in no way limited to, client/object authentication, access control, and integrity and confidentiality protections.
