1 / 6

Security Vulnerabilities in RPC (csci5931)

This article discusses the security measures required for distributed applications, including authentication, authorization, data integrity, and data privacy. It explores the integration of security in RPC with DCE Security and highlights the use of authentication, checksums, and encryption for data privacy. The article also provides an overview of secure RPC services for authentication, such as Kerberos v5 and ssleay.

adarlene
Download Presentation

Security Vulnerabilities in RPC (csci5931)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Vulnerabilities in RPC(csci5931) by Shaheen Pattan

  2. RPC Security (1) • Distributed applications may require a number of security measures, including: • Authentication • Authorization (access control) • Data integrity • Data privacy • DCE Security provides high level of security • RPC is integrated with DCE Security

  3. RPC RPC Runtime Authentication Runtime Authentication Runtime RPC Runtime Client Server Obj1 Obj2 Obj3 Clients request services via authenticated RPC RPCs can use checksums for data integrity and encryption for data privacy Servers make access decisions using Access Control Lists attached to objects

  4. RPC Security (1)

  5. RPC Security (1) • Sun RPC: • secure RPC services for authentication (man secure_rpc) with four options • Kerberos v5: authentication, per-session key generation • ssleay: free library functions implementing SSLv3, for authentication and encryption • Proposed standard: Generic Security Services Application Program Interface version 2 (GSS-API v.2) (RFC2078)

  6. RPC Security (1) More Slides yet to be added !

More Related