1. Security Vulnerabilities in RPC (csci5931)
by Shaheen Pattan

2. RPC Security (1)
Distributed applications may require a number of security measures, including:
Authentication
Authorization (access control)
Data integrity
Data privacy
DCE Security provides high level of security
RPC is integrated with DCE Security

3. RPC Client Server Clients request services via authenticated RPC
Runtime
Authentication
Runtime
Authentication
Runtime
RPC
Runtime
Client
Server
Obj1
Obj2
Obj3
Clients request services
via authenticated RPC
RPCs can use checksums
for data integrity and
encryption for data privacy
Servers make access decisions
using Access Control Lists
attached to objects

4. RPC Security (1)

5. RPC Security (1) Sun RPC:
secure RPC services for authentication (man secure_rpc) with four options
Kerberos v5: authentication, per-session key generation
ssleay: free library functions implementing SSLv3, for authentication and encryption
Proposed standard: Generic Security Services Application Program Interface version 2 (GSS-API v.2) (RFC2078)

6. RPC Security (1)
More Slides yet to be added !