Interoperable Secure CORBA - PowerPoint PPT Presentation

interoperable secure corba n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Interoperable Secure CORBA PowerPoint Presentation
Download Presentation
Interoperable Secure CORBA

play fullscreen
1 / 15
Interoperable Secure CORBA
94 Views
Download Presentation
faunus
Download Presentation

Interoperable Secure CORBA

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. Interoperable Secure CORBA Tin Qian Department of Computer Science University of Illinois

  2. Outline • Security Services in CORBA • Secure Inter-ORB Protocol (SECIOP) • Distributed Security Mechanisms and GSS API • Secure ORB work at SRG

  3. Overview ORB Service Interoperability(Interceptor) Security Functionality Level 1 Security Functionality Level 2 None-repudiation Security Service Replaceability SECIOP GSS API Kerberos SESAME/ECMA SSL PKSM

  4. Security Services in CORBA • Functionality Level 1: for applications unaware of security services • Functionality Level 2: application level security APIs including administrative API for policies • Optional functions: Non-repudiation

  5. Main Security Objects Audit Decision Audit Channel Principal Authenticator Application Access Decision Current NR Credentials Credentials Secure Invocation Access Control Audit and Non-repudiation Security Context Vault Access Decision Audit Decision Audit Channel Secure Invocation Policies Access Polices Invocation Audit Polices Application Audit Policies Delegation Policies Domain Manager

  6. Client Access Control Interceptors Target Access Control Interceptors Client Access Decision Target Access Decision Vault Security Context Client Secure Invocation Interceptors Target Secure Invocation Interceptors Create Security Context Create Vault Security Services in CORBA Server Client ORB Core

  7. Secure Inter-ORB Protocol • Security Extensions to Interoperable Object Reference (IOR) • Security Interoperability Protocol (SECIOP) to establish security association and protect GIOP messages • Different Common Security Interoperability levels: CSI Level 0-2 (delegation & privilege)

  8. Profile IDL:Account:1.0 2 Profile Profile version cs.uiuc.edu 1500 Object key TAG_INTERNET_IOP reserved TAG_x_SEC_MECH requires supports Security name TAG_GENERIC_SEC_MECH Mech-specific data type Tagged Component Secure IOR …... SPKM,KerberosV5,CSI_ECMA,SSL TAG_SEC_NAME TAG_ASSOCIATION_OPTIONS

  9. SecIOP Protocol Thread Thread Thread Thread GIOP/IIOP GIOP/IIOP SECIOP SECIOP TCP Connections

  10. Msg body Msg header GIOP_version Byte order Msg size SECP Msg type EstablishContext, CompleteEstablishContext, ContinueEstablishContext, DiscardContext, MessageError, MessageInContext SecIOP Protocol • Sequencing layer to deliver GIOP messages in order using a link protocol (ALP) • Context management layer to establish and control a secure association between clients and servers

  11. GSS API • GSS API tokens for each mechanism adopted as SECIOP tokens in CSI protocols • JGSS: our Java wrapper linking kerberos systems with Java programs • Sesame GSS API extended with privilege attributes including access rights, groups, and roles

  12. Kerberos and Sesame • PromiaKerberos: a Java library implements kerberosV5 authentication protocol(RFC 1510) • UIUCSesame: our extended Java library implements SESAME authentication protocol • Privilege attributes (PAC in ECMA-219) and public key support

  13. Cherubim Secure ORB • Security Functionality Level 1 • Message protection and Principal authentication using SSL • Active Capability based authorization inside interceptors • Security Policy representation framework

  14. Secure ORB in Java • CSI level 2 using UIUCSesame • CORBA security functionality level 1/2 based on Cherubim Secure ORB prototype • Administrative services for security policy management • Existing ones: OrbixSecurity(Kerberos), OrbixSSL, VisiBroker SSL, and ORBASec SL2(Kerberos)

  15. Some Research Questions • Can existing OS be configured or stripped down to provide adequate support for secure middle wares like CORBA? • Can different secure ORBs with different policies and mechanisms interoperate?