Verifiable Identifiers in Middleware Security

  • Authors: U. Lang; D. Gollmann; R. Schreiner

  • Venue: ACSAC '01 Proceedings of the 17th Annual Computer Security Applications Conference
  • Year: 2001

Abstract

This paper discusses the difficulties of describing an appropriate notion of the security attributes "caller" and "target" in object-oriented middleware systems such as CORBA. Middleware security needs such security attributes in order to be able to express middleware layer security policies. Our analysis points out that, whilst there is no information available on the ORB layer to describe the caller and target, it is possible in practice to use descriptors from other layers. In CORBA security, the mechanism-specific identifiers on the caller side and the information from the object reference on the target side turn out to be most appropriate and trustworthy for describing caller and target application objects at the right granularity. As a proof of concept we mention our MICOSec CORBA security implementation which demonstrates the feasibility of our approach. Our paper shows that it is unrealistic to expect a security service layer to be able to abstract fully from the underlying security mechanisms without implications on granularity and semantic mismatches.