Interoperable Secure CORBA

1
Interoperable Secure CORBA

• Tin Qian
• Department of Computer Science
• University of Illinois

2
Outline

• Security Services in CORBA
• Secure Inter-ORB Protocol (SECIOP)
• Distributed Security Mechanisms and GSS API
• Secure ORB work at SRG

3
Overview
ORB Service Interoperability(Interceptor)
Security Functionality Level 1
Security Functionality Level 2
None-repudiation
Security Service Replaceability
SECIOP
GSS API
Kerberos
SESAME/ECMA
SSL
PKSM
4
Security Services in CORBA

• Functionality Level 1 for applications unaware
  of security services
• Functionality Level 2 application level security
  APIs including administrative API for policies
• Optional functions Non-repudiation

5
Main Security Objects
Audit Decision
Audit Channel
Principal Authenticator
Application Access Decision
Current
NR Credentials
Credentials
Secure Invocation
Access Control
Audit and Non-repudiation
Security Context
Vault
Access Decision
Audit Decision
Audit Channel
Secure Invocation Policies
Access Polices
Invocation Audit Polices
Application Audit Policies
Delegation Policies
Domain Manager
6
Security Services in CORBA
Server
Client
ORB Core
7
Secure Inter-ORB Protocol

• Security Extensions to Interoperable Object
  Reference (IOR)
• Security Interoperability Protocol (SECIOP) to
  establish security association and protect GIOP
  messages
• Different Common Security Interoperability
  levels CSI Level 0-2 (delegation privilege)

8
Secure IOR
...
SPKM,KerberosV5,CSI_ECMA,SSL
TAG_SEC_NAME
TAG_ASSOCIATION_OPTIONS
9
SecIOP Protocol
Thread
Thread
Thread
Thread
GIOP/IIOP
GIOP/IIOP
SECIOP
SECIOP
TCP Connections
10
SecIOP Protocol

• Sequencing layer to deliver GIOP messages in
  order using a link protocol (ALP)
• Context management layer to establish and control
  a secure association between clients and servers

11
GSS API

• GSS API tokens for each mechanism adopted as
  SECIOP tokens in CSI protocols
• JGSS our Java wrapper linking kerberos systems
  with Java programs
• Sesame GSS API extended with privilege attributes
  including access rights, groups, and roles

12
Kerberos and Sesame

• PromiaKerberos a Java library implements
  kerberosV5 authentication protocol(RFC 1510)
• UIUCSesame our extended Java library implements
  SESAME authentication protocol
• Privilege attributes (PAC in ECMA-219) and public
  key support

13
Cherubim Secure ORB

• Security Functionality Level 1
• Message protection and Principal authentication
  using SSL
• Active Capability based authorization inside
  interceptors
• Security Policy representation framework

14
Secure ORB in Java

• CSI level 2 using UIUCSesame
• CORBA security functionality level 1/2 based on
  Cherubim Secure ORB prototype
• Administrative services for security policy
  management
• Existing ones OrbixSecurity(Kerberos), OrbixSSL,
  VisiBroker SSL, and ORBASec SL2(Kerberos)

15
Some Research Questions

• Can existing OS be configured or stripped down to
  provide adequate support for secure middle wares
  like CORBA?
• Can different secure ORBs with different policies
  and mechanisms interoperate?