Simplifying CORBA Security Service to Support Service Level Access Control

Kumar, Atul; Jalote, Pankaj; Gupta, Deepak

doi:10.1007/978-3-540-39962-9_79

Simplifying CORBA Security Service to Support Service Level Access Control

Atul Kumar⁶,
Pankaj Jalote⁶ &
Deepak Gupta⁶

Conference paper

464 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 2889))

Abstract

The CORBA Security Service provides a domain based access control model in which interfaces are grouped in domains and a single security policy applies to all the interfaces in the domain. CORBA Security Service does not directly support object and method level access control rules. Grouping interfaces in domains helps in reducing access control rules in a large system with a large number of objects. In an environment where services are provided using methods and similar services are grouped as the methods of an interface, providing service and interface level access control is desirable.

We present an access model that works on the top of the access model of CORBA Security Service and allows method and object level access control for CORBA objects. A GUI tool has been developed for managing the users, defining user groups (e.g., grouping users playing a certain role), and specifying the access control rules. The GUI tool is supported by a software layer which we have built on top of CORBA Security Service. Our access model coexists with the CORBA Security Service access model and the complex features of CORBA Security Service can be used wherever required.

This is a preview of subscription content, log in via an institution.

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Amoroso, E.G.: Fundamentals of Computer Security Technology. Prentice Hall PTR, Upper Saddle River (1994)
MATH Google Scholar
Bell, D., LaPadula, L.: Secure computer systems: Mathematical foundations and model. Technical report, MITRE Corperation, Bedford, MA, USA (1973)
Google Scholar
Biba, K.: Integrity considerations for secure computer systems. Technical report, U.S. Air Force Electronic Systems Division, 760372 (1977)
Google Scholar
Blakley, B.: CORBA Security An Introduction to Safe Computing with Objects. Addison-Wesley, Reading (2000)
Google Scholar
Brew, M.: Java’s evolving security model: Beyond the sandbox for better assurance or a murkier brew? SANS Institute Technical Report (March 2001), http://www.giac.org/practical/gsec/Matthew_Herholtz_GSEC.pdf
Cheswick, W.R., Bellolovin, S.M.: Firewalls and Internet Security: Repelling the Wily Hacker. Addison-Wesley Publishing Company, Reading (1996)
Google Scholar
Clark, D.D., Wilson, D.R.: A comparison of commercial and military computer security policies. In: Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, USA, May 1987, pp. 184–194 (1987)
Google Scholar
Distributed Object Group (DOG). JavaORB Object Security Service (OSS), http://dog.team.free.fr/details_oss_service.html
Distributed Object Group (DOG). JavaORB version 2.2.7, http://dog.team.free.fr/details_javaorb.html
Fraser, B. (ed.). Site security handbook. RFC 2196, IETF (September 1997), http://www.ietf.org/rfc/rfc1945.txt
Garfinkel, S., Spafford, G.: Practical UNIX and Internet Security, 2nd edn. O’Reilly & Associates, Sebastopol (1996)
Google Scholar
Howard, J.D.: An Analysis Of Security Incidents On The Internet 1989 – 1995. PhD thesis, Carnegie Mellon University, Pittsburgh, PA, USA (April 1997), http://www.cert.org/research/JHThesis/Start.html
Object Management Group. Security service specification, version 1.7. OMG Document formal/01-03-08 (March 2001), http://www.omg.org/docs/formal/01-03-08.pdf
Russel, D., Gangemi Sr., G.T.: Computer Security Basics. O’Reilly & Associates, Sebastopol (1991)
Google Scholar
Summers, R.C.: Secure Computing: Threats and Safeguards. McGGraw Hill, New York (1997)
Google Scholar

Download references

Author information

Authors and Affiliations

Department of Computer Science and Engineering, Indian Institute of Technology, Kanpur, 208016, India
Atul Kumar, Pankaj Jalote & Deepak Gupta

Authors

Atul Kumar
View author publications
You can also search for this author in PubMed Google Scholar
Pankaj Jalote
View author publications
You can also search for this author in PubMed Google Scholar
Deepak Gupta
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Vrije Universiteit Brussel (VUB), STARLab, Bldg G/10, Pleinlaan 2, 1050, Brussels, Belgium
Robert Meersman
School of Computer Science and Information Technology, RMIT University, Bld 10.10, 376-392 Swanston Street, VIC 3001, Melbourne, Australia
Zahir Tari

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Kumar, A., Jalote, P., Gupta, D. (2003). Simplifying CORBA Security Service to Support Service Level Access Control. In: Meersman, R., Tari, Z. (eds) On The Move to Meaningful Internet Systems 2003: OTM 2003 Workshops. OTM 2003. Lecture Notes in Computer Science, vol 2889. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-39962-9_79

Download citation

DOI: https://doi.org/10.1007/978-3-540-39962-9_79
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20494-7
Online ISBN: 978-3-540-39962-9
eBook Packages: Springer Book Archive

Publish with us

Policies and ethics