TAPIDO: trust and authorization via provenance and integrity in distributed objects
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Role-based access control (RBAC) in Java via proxy objects using annotations
Proceedings of the 15th ACM symposium on Access control models and technologies
International Journal of Networking and Virtual Organisations
A tool-supported method for the design and implementation of secure distributed applications
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Hi-index | 0.00 |
Both Java RMI and Jini use a proxy-based architecture. In this architecture, a client interacts with a service through a proxy, which is code downloaded from a directory and installed on the client's machine. An attacker who controls the communication channels or the directory may compromise the confidentiality and integrity of the client and of the service. We present a security architecture that protects both clients and services in distributed proxy-based computing. In this architecture, the service registers a signed authentication proxy with the directory. The client, after downloading a signed authentication proxy from the directory, verifies the signature on the proxy, authenticates itself to the service through the proxy, and receives a dedicated session proxy for the service over a secure channel. We also describe a Java-based toolkit that implements the security architecture. This toolkit enables developers to add security to Java RMI-based applications with minimal implementation effort.