
CS 603 CORBA Security


skule

Presentation Transcript


  1. CS 603 CORBA Security. April 3, 2002

  2. Security Service: Overview
     • Goals
       • Confidentiality
       • Integrity
       • Accountability
       • Availability
     • Where
       • IDL for security classes
       • Internal ORB checks
       • IIOP extensions for inter-ORB security

  3. Key (visible) Features
     • Authentication
       • Is a principal (user or object) who they claim to be?
     • Authorization
       • Does a principal have the right to perform an operation?
     • Auditing
       • Who is the source user (human) for an action?
     • Communication
       • Ensure messages are not corrupted and (optionally) not intercepted
     • Non-repudiation
       • Irrefutable evidence that an action has been performed
     • Administration
       • How do we define the policy?

  4. Specific Goals
     • Simple
     • Consistent
     • Scalable
     • Usable for end users
     • Usable for administrators
     • Usable for implementers
     • Flexible
       • access control
       • Audit
       • functionality profiles
     • Technology neutral
     • Application portability
     • Interoperability
       • different vendors
       • secure to non-secure
       • different domains
       • different technology
     • Performance
     • Object-Oriented
     • Conform to regulations
     • Conform to standard evaluation criteria

  5. Security Packages
     • Main Packages (at least one required)
       • Level 1: Applications unaware of security
       • Level 2: Application control of policy
     • Optional packages
       • Non-repudiation
     • Replaceable packages
       • ORB services: Interceptor interfaces (security external to ORB), or
       • Security Service: Standard ORB interface
     • Common Secure Interoperability
       • Level 0: Identity based policies without delegation
       • Level 1: Identity with unrestricted delegation
       • Level 2: Identity and privilege policies, controlled delegation
     • SECIOP Interoperability package
     • Security Mechanism Packages
       • SPKM protocol – CSI level 0 (basic public key)
       • GSS Kerberos – CSI level 1
       • CSI-ECMA – CSI level 2 (SESAME)
       • SSL – CSI level 0
     • SECIOP + DCE-CIOP interoperability

  6. So how does it work?
     • Credentials
       • Client obtains credentials giving principal’s security attributes
         • Identity
         • Privilege: Groups, Roles, Capabilities, Clearances
       • Also Public (unauthenticated) credentials
       • Credentials can selectively be attached to object reference
     • Delegation
       • None – reference uses its own credentials
       • Simple – reference runs as principal
       • Combined – reference gets merge of self and principal
       • Composite – reference gets two sets of credentials (can trace)
       • Time restrictions on delegation

  7. Responsibilities
     • Enterprise manager
       • Type of access control policy
       • Level of auditing
       • Level of protection
     • End user
     • Application Developer
     • Administrator
       • Domain administration, user creation, etc.
     • Object system implementer
       • Install ORBs/services

  8. Authentication

  9. Invocation

  10. Security-Unaware Object

  11. Interfaces
     • Level 1:
       • Current:get_attributes – get credentials of invoking principal
     • Level 2:
       • PrincipalAuthenticator
         • Credentials Authenticate()
         • _authentication() – for multi-step authentication
       • Credentials
         • Set_security_features(), Get_security_features()
           • Delegation allowed? Secure communication?
         • Set_privileges() – Set group, role, clearance
           • Also identity: AuditId, AccountingId, NonRepudiationID
         • Get_attributes() – given types, get values
         • Is_valid() – Is the credential timed-out?
         • Refresh() – renew timed-out credential

  12. Interfaces (Level 2, continued)
     • SecurityLevel2::Object (CORBA::Object)
       • Override_default_credentials()
       • Override_default_QOP() – communication
       • Get_security_features()
       • Get_active_credentials()
     • Current – security aspects of a given call
       • Get_attributes() (Security level 1)
       • Get_credentials()
       • Set_credentials()
       • Received_credentials
       • Received_security_features

  13. Interfaces (Level 2, continued)
     • AuditChannel
       • Audit_write() – write to log
     • AuditDecision
       • Audit_needed()
       • Audit_channel
     • AccessDecision
       • Access_allowed()

  14. Security Domains
     • Policy – common security policy
       • Hierarchical
       • Federated
       • Domains for different policies may overlap
     • Environment – area with local enforcement
     • Technology – same mechanisms

  15. Non-Repudiation
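
The four delegation modes and the time restriction from slide 6, worked through as an added example; this is a toy model written for this transcript, not code from the slides and not the CORBA Security Service API. All class and function names are hypothetical, and two behaviours are assumptions of the model: expired credentials are dropped with a fallback to public credentials, and a combined credential expires at the earlier of its two inputs.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Credentials:                        # hypothetical model, not a CORBA type
    identity: str
    privileges: frozenset = frozenset()   # groups, roles, capabilities, clearances
    expires_at: float = float("inf")      # time restriction on delegation

    def is_valid(self, now: float) -> bool:
        return now < self.expires_at

PUBLIC = Credentials("public")            # unauthenticated credentials

def presented(mode, principal, own, now):
    """Credentials an intermediate object presents on its onward call."""
    if mode == "none":                    # uses its own credentials
        creds = [own]
    elif mode == "simple":                # runs as the principal
        creds = [principal]
    elif mode == "combined":              # one merged set; origin is not separable
        creds = [Credentials(f"{own.identity}+{principal.identity}",
                             own.privileges | principal.privileges,
                             min(own.expires_at, principal.expires_at))]
    elif mode == "composite":             # two separate sets; target can trace both
        creds = [principal, own]
    else:
        raise ValueError(f"unknown delegation mode: {mode}")
    live = [c for c in creds if c.is_valid(now)]   # assumption: expired ones dropped
    return live or [PUBLIC]                        # assumption: fall back to public

def access_allowed(creds, required):
    """Target-side decision: does any presented set carry the privilege?"""
    return any(required in c.privileges for c in creds)

def audit_ids(creds):
    """Identities the target could record for the call."""
    return [c.identity for c in creds]

def demo():
    # Constructed sample principals: alice's delegation expires at t=100.
    alice = Credentials("alice", frozenset({"role:teller"}), expires_at=100.0)
    svc = Credentials("svc", frozenset({"group:batch"}))
    rows = {}
    for mode in ("none", "simple", "combined", "composite"):
        for now in (10.0, 200.0):
            c = presented(mode, alice, svc, now)
            rows[(mode, now)] = (audit_ids(c), access_allowed(c, "role:teller"))
    return rows

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Comparing the rows at t=10 and t=200 shows what the target can audit in each mode: only composite delegation keeps the intermediate's identity visible alongside the principal's, and it is the only mode that still identifies the caller after the delegated credential times out.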
