
Mandatory and Discretionary Policies for CORBA Security

Journal of Network and Systems Management

Abstract

This paper proposes extending the CORBA (Common Object Request Broker Architecture) security model to support mandatory policies and policy management in distributed applications. The mandatory policies and a policy service were proposed for inclusion in the JaCoWeb Project, which is developing an authorization scheme for large-scale networks based on the CORBA security standards. The paper combines client-side and server-side access control within a single domain. The mandatory control is enforced at the ORB (Object Request Broker) level on the client side, so that an unauthorized access is stopped before the corresponding request is sent; this also prevents the associated processing on the server and the generation of new requests by that unauthorized processing. The paper also proposes security management operations not currently included in the OMG standards, and it presents implementation results and an evaluation of these results based on common criteria.



Author information


Correspondence to Carla Merkle Westphall.

Additional information

Carla Merkle Westphall received a Master's degree in Computer Science in 1996 and a doctoral degree in Electrical Engineering (Information Security) in 2000, both at the Federal University of Santa Catarina, Brazil. The main topics of her research are distributed systems security and access control. She is currently a researcher and a professor in her field of knowledge.

Joni da Silva Fraga received a doctoral degree in Automatic/Informatic in 1985 at the Institut National Polytechnique de Toulouse, France. He is a Professor in the Department of Automation and Systems at the Federal University of Santa Catarina, Brazil. His research topics are distributed systems, fault tolerance, security and real-time.


About this article

Cite this article

Westphall, C.M., Fraga, J.d.S. Mandatory and Discretionary Policies for CORBA Security. J Netw Syst Manage 13, 309–328 (2005). https://doi.org/10.1007/s10922-005-6271-2
