
1 Access Control in CORBA
Gerald Brose, Institut für Informatik, Freie Universität Berlin
Oberseminar AG Softwaretechnik, Albert-Ludwigs-Universität Freiburg

2 Overview
Gerald Brose, Freie Universität Berlin, 27.6.2000
1. Access Control
2. Introduction to CORBA Security
3. CORBA Access Control Concepts
4. Raccoon

3 1. Access Control
- Access Decision Function: adf : Policy × Aci → {allow, deny} (Aci: access control information about the request)
- Mechanism: implementation of adf() (in distributed systems the middleware masks heterogeneity)
- Policy: specification of rules

4 Access Control Mechanisms
- Reference Monitor: interceptor in the access path, mediates all accesses
- Capabilities: target reference carrying the rights required to make accesses
- Tickets: cryptographically secured tokens passed on access

5 Access Control Policies
- Described at different levels of granularity, abstraction and formality:
  - requirements: informal, enterprise view
  - informational: formal, information view
  - operational: formal, technology view
- "Semantic gap" between these levels: policy management is both error-prone and sensitive!

6 Policy Management
Support for the entire life cycle:
- Policy specification/design (Developer): high-level model
- Installation (Deployer): in actual environments, efficient implementation
- Management (Manager): monitoring, adaptation to context changes

7 2. CORBA Security
- Reference model and APIs
- technology-neutral (Kerberos, SESAME, SSL, DCE Security)
- Security functions at two levels:
  - Level 1: transparent to the application
  - Level 2: APIs for security-aware clients
- Protocols for secure interoperability
- (Firewalls: orthogonal)

8 Security Services
- Protection:
  - objects (access control)
  - communication (confidentiality/integrity): "Secure Invocation"
- Auditing
- Accountability/Non-repudiation

9 General Model
[Figure: Client and Target object connected through the ORB Core. On each side the ORB Security services perform Access Control (an Access Decision against the Policy) and Secure Invocation over a Security Association; the client's Credentials, the Current object (Current Credentials) and the target Obj-Reference are the inputs; Secure Interoperability spans the two sides.]

10 Secure Interoperability (CSI)
- Invocations across domain boundaries (technology, policy)
- Establish a Security Association: negotiate technology (algorithms) and parameters (key lengths, etc.)
- currently under revision at the OMG: define a standard Privilege Attribute Certificate

11 Security Policy Domains
- Policy domain = set of objects with the same policy
- Hierarchical and overlapping domains
- Policy conflicts?

12 3. Access Control Concepts
- Principals: sets of security attributes
- Generic rights in families: family corba: g, s, u, m (get, set, use, manage)
- Policies assign effective rights to principals
- Operations require rights
- Rights combinators: any, all

13 Required Rights
- group operations by sensitivity
- specified system-wide

14 Effective Rights
- granted by policy
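
The access decision function of slide 3 and the rights model of slides 12 to 14, as an added runnable model (example code, not from the talk or from any CORBA Security implementation). The rights family "corba" with g, s, u, m and the any/all combinators are from the spec; the RequiredRights table, the domain policy and the three roles of a conference-management domain are constructed sample data.

```python
"""Model of CORBA Security access control: required rights per operation,
effective rights per principal attribute, and the access decision function."""
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

CORBA_FAMILY: FrozenSet[str] = frozenset("gsum")  # get, set, use, manage

Attribute = Tuple[str, str]  # privilege attribute of a principal, e.g. ("role", "chair")


@dataclass(frozen=True)
class RequiredRights:
    """Rights an operation requires; 'all' needs every right, 'any' needs one of them."""
    rights: FrozenSet[str]
    combinator: str

    def __post_init__(self) -> None:
        if not self.rights <= CORBA_FAMILY or self.combinator not in ("all", "any"):
            raise ValueError(f"malformed required rights: {self}")

    def satisfied_by(self, effective: FrozenSet[str]) -> bool:
        if self.combinator == "all":
            return self.rights <= effective
        return bool(self.rights & effective)


# RequiredRights table: specified system-wide per (interface, operation). Sample data.
REQUIRED: Dict[Tuple[str, str], RequiredRights] = {
    ("NamingContext", "resolve"): RequiredRights(frozenset("g"), "all"),
    ("NamingContext", "list"):    RequiredRights(frozenset("g"), "all"),
    ("NamingContext", "bind"):    RequiredRights(frozenset("s"), "all"),
    ("Paper", "read"):            RequiredRights(frozenset("g"), "all"),
    ("Paper", "destroy"):         RequiredRights(frozenset("sm"), "all"),
    ("Paper", "submitReview"):    RequiredRights(frozenset("su"), "any"),
}


@dataclass
class DomainAccessPolicy:
    """Effective rights granted per privilege attribute within one policy domain."""
    grants: Dict[Attribute, FrozenSet[str]]

    def effective_rights(self, attributes: Set[Attribute]) -> FrozenSet[str]:
        rights: Set[str] = set()
        for attribute in attributes:
            rights |= self.grants.get(attribute, frozenset())
        return frozenset(rights)


def access_allowed(policy: DomainAccessPolicy, attributes: Set[Attribute],
                   interface: str, operation: str) -> bool:
    """adf : Policy x Aci -> {allow, deny}. The target object itself is not an input:
    the decision depends only on the principal's attributes, the domain policy and
    the operation's interface. Operations missing from the table are denied."""
    required = REQUIRED.get((interface, operation))
    if required is None:
        return False
    return required.satisfied_by(policy.effective_rights(attributes))


# Constructed domain policy: rights each role holds in the "conference" domain.
CONFERENCE = DomainAccessPolicy({
    ("role", "chair"):    frozenset("gsum"),
    ("role", "reviewer"): frozenset("gu"),
    ("role", "author"):   frozenset("g"),   # needed for Paper.read, but see the note below
})


def decisions(role: str) -> Dict[str, bool]:
    """All decisions for a principal whose only privilege attribute is the given role."""
    attributes = {("role", role)}
    return {f"{interface}.{operation}": access_allowed(CONFERENCE, attributes, interface, operation)
            for interface, operation in REQUIRED}


if __name__ == "__main__":
    for role in ("chair", "reviewer", "author"):
        print(role, decisions(role))
```

Running decisions("author") shows the rights collision of slide 15 directly: the only way to let authors read a Paper is to grant them g, but g is also what NamingContext.resolve and list require, and because the decision has no object parameter the grant covers every Paper and every NamingContext in the domain, not just the author's own paper.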

15 Restrictions
- coarse-grained, does not scale: limited set of rights
- rights collisions: all objects of a type are treated equally!
- hard to manage: not object-oriented, low level of abstraction; semantic gap: the requirements are "lost"
- hard to specify: not expressive (no dynamic properties, no exceptions); no language support, untyped

16 4. Raccoon
- Prof. Löhr (leader), part of the DFG-Schwerpunktprogramm "Sicherheit"
- Support for security policy management:
  - managing security policy domains: Policy Domain Service + GUI tool
  - managing policies: View Policy Language (language + tools)
- efficient and scalable access controls

17 Managing Policy Domains
- Managing domain life cycles and relationships
- Managing object life cycles with respect to domain membership
- Policy Domain Service: realizes the relation between objects, domains and policies (O, Dom, Pol)
  - management operations
  - "metapolicies" resolve policy conflicts

18 View Policy Language
- Declarative policy language: static type checks; documentation, communication, manageability, reuse
- object-oriented protection model
- expressive, structured
- fine-grained and scalable
- specification and management tools

19 Views
- contain rights for operations on objects
- typed by the controlled object type

view Resolver controls NamingContext {
  allow
    resolve;
    list;
  deny
    bind;
}

20 Users in Roles
- Users are not known in advance, but roles are
- Roles = actors as in use-case models
- Authentication Service certifies role membership

roles chair, member, author
role assertion
  card( author and chair ) = 0;
  card( chair ) = 1

21 Access Matrix Model
- entries are well-formed and well-typed

Role \ Object | o1:Paper | o2:Paper | o3:Review | o4:T
Chair         | v1, v2   | v1, v3   | ...       |
Reviewer      | v2       | v4       | v5        | v6, v7
Author        | -        | v4       | -         | v7

view Reader controls Paper {
  allow
    read;
};
view Owner : Reader {
  allow
    destroy;
};

22 Dynamic Changes: Schemas

interface Paper {
  Review submitReview(in string text);
};

schema Paper {
  submitReview
    grants result.update to caller;
    grants this.getReview to caller;
    revokes this.submitReview from caller;
};

23 Steps in Policy Design
1. Identification of roles
2. Definition of views for the access use cases
(3.) Definition of schemas for dynamic changes
4. Definition of initial views
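
The VPL concepts of slides 19 to 22 and the four design steps of slide 23, as an added executable model in Python (example code, not from the talk and not the Raccoon project's VPL compiler). The IDL interfaces, the objects o1 and o3, the users and the extra view names are constructed for the example. The slides do not show how VPL realizes "revokes"; this model represents it as a caller-specific deny view that overrides allows held through a role, which is an assumption of the model, not VPL's documented semantics.

```python
"""Typed views with extension, roles with a role assertion, a well-typed access
matrix, and a schema that changes a caller's rights after an operation."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, Optional, Set, Tuple

# IDL interfaces assumed for this example: operations per controlled object type.
INTERFACES: Dict[str, Set[str]] = {
    "NamingContext": {"resolve", "list", "bind"},
    "Paper": {"read", "destroy", "submitReview", "getReview"},
    "Review": {"read", "update"},
}


@dataclass(frozen=True)
class View:
    """view <name> [: <base>] controls <type> { allow ...; deny ...; }"""
    name: str
    controls: str
    allow: FrozenSet[str] = frozenset()
    deny: FrozenSet[str] = frozenset()
    base: Optional["View"] = None

    def __post_init__(self) -> None:
        # Static type check: named operations must exist on the controlled type,
        # and an extending view must control the same type as its base.
        unknown = (self.allow | self.deny) - INTERFACES[self.controls]
        if unknown:
            raise TypeError(f"view {self.name}: {sorted(unknown)} are not operations of {self.controls}")
        if self.base is not None and self.base.controls != self.controls:
            raise TypeError(f"view {self.name} cannot extend {self.base.name}: different controlled type")

    def allowed(self) -> FrozenSet[str]:
        inherited = self.base.allowed() if self.base else frozenset()
        return (inherited | self.allow) - self.deny

    def denied(self) -> FrozenSet[str]:
        inherited = self.base.denied() if self.base else frozenset()
        return inherited | self.deny


def role_assertion_holds(user_roles: Dict[str, Set[str]]) -> bool:
    """card( author and chair ) = 0; card( chair ) = 1"""
    both = sum(1 for roles in user_roles.values() if {"author", "chair"} <= roles)
    chairs = sum(1 for roles in user_roles.values() if "chair" in roles)
    return both == 0 and chairs == 1


@dataclass
class Policy:
    """Access matrix: subjects are roles or individual users, entries are sets of views."""
    objects: Dict[str, str]                      # object name -> object type
    user_roles: Dict[str, Set[str]]
    matrix: Dict[Tuple[str, str], Set[View]] = field(default_factory=dict)

    def grant(self, subject: str, obj: str, view: View) -> None:
        if view.controls != self.objects[obj]:   # matrix entries must be well-typed
            raise TypeError(f"{view.name} controls {view.controls}, but {obj} is a {self.objects[obj]}")
        self.matrix.setdefault((subject, obj), set()).add(view)

    def decide(self, user: str, obj: str, operation: str) -> bool:
        subjects = {user} | self.user_roles.get(user, set())
        held = set().union(*(self.matrix.get((s, obj), set()) for s in subjects))
        allowed = set().union(*(v.allowed() for v in held))
        denied = set().union(*(v.denied() for v in held))   # an explicit deny wins (assumption)
        return operation in allowed and operation not in denied


# Views from the slides plus those the submitReview schema needs (names constructed).
READER = View("Reader", "Paper", allow=frozenset({"read"}))
OWNER = View("Owner", "Paper", allow=frozenset({"destroy"}), base=READER)    # view Owner : Reader
REVIEWING = View("Reviewing", "Paper", allow=frozenset({"read", "submitReview"}))
REVIEW_UPDATER = View("ReviewUpdater", "Review", allow=frozenset({"update"}))
REVIEW_FETCHER = View("ReviewFetcher", "Paper", allow=frozenset({"getReview"}))
NO_RESUBMIT = View("NoResubmit", "Paper", deny=frozenset({"submitReview"}))  # models 'revokes'


def schema_submit_review(policy: Policy, caller: str, this: str, result: str) -> None:
    """schema Paper { submitReview grants result.update to caller; grants this.getReview
    to caller; revokes this.submitReview from caller; }, applied after the call returns."""
    policy.grant(caller, result, REVIEW_UPDATER)
    policy.grant(caller, this, REVIEW_FETCHER)
    policy.grant(caller, this, NO_RESUBMIT)


def run_scenario() -> Dict[str, bool]:
    """Steps 1-4 of the policy design on a tiny conference: roles, views, schema, initial views."""
    policy = Policy(objects={"o1": "Paper", "o3": "Review"},
                    user_roles={"alice": {"chair"}, "bob": {"reviewer"}, "carol": {"author"}})
    assert role_assertion_holds(policy.user_roles)
    policy.grant("chair", "o1", OWNER)          # initial views are held by roles ...
    policy.grant("reviewer", "o1", REVIEWING)
    policy.grant("carol", "o1", READER)         # ... or by individual users
    out = {"bob_submit_before": policy.decide("bob", "o1", "submitReview"),
           "bob_update_before": policy.decide("bob", "o3", "update"),
           "carol_destroy": policy.decide("carol", "o1", "destroy"),
           "alice_destroy": policy.decide("alice", "o1", "destroy")}
    schema_submit_review(policy, caller="bob", this="o1", result="o3")
    out.update({"bob_submit_after": policy.decide("bob", "o1", "submitReview"),
                "bob_update_after": policy.decide("bob", "o3", "update"),
                "bob_getreview_after": policy.decide("bob", "o1", "getReview"),
                "alice_update": policy.decide("alice", "o3", "update")})
    return out
```

Two points the slides make become checks here: View() rejects a view that names an operation its controlled type does not have, and Policy.grant() rejects a matrix entry whose view is typed for a different object type than the object, which is what "entries well-formed, well-typed" on slide 21 buys over the untyped rights of slide 15. The schema then shows the dynamic part: after bob submits his review he can update it and fetch it, but can no longer call submitReview on the same paper, while the chair's rights are untouched.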

24 References
http://www.inf.fu-berlin.de/inst/ag-ss/raccoon
- G. Brose: A typed access model for CORBA, to appear in: Proc. ESORICS 2000.
- G. Brose, K.-P. Löhr: VPL - Sprachunterstützung für den Entwurf von Zugriffsschutzpolitiken (VPL: language support for the design of access control policies), Proc. VIS'99.
- G. Brose: A view-based access model for CORBA, in: J. Vitek, C. Jensen (eds.): Secure Internet Programming: Security Issues for Mobile and Distributed Objects, Springer LNCS, 1999.
- G. Karjoth: Authorization in CORBA Security, Proc. ESORICS 1998.
