60 likes | 198 Views
Security Vulnerabilities in RPC (csci5931). by Shaheen Pattan. RPC Security (1). Distributed applications may require a number of security measures, including: Authentication Authorization (access control) Data integrity Data privacy DCE Security provides high level of security
E N D
Security Vulnerabilities in RPC(csci5931) by Shaheen Pattan
RPC Security (1) • Distributed applications may require a number of security measures, including: • Authentication • Authorization (access control) • Data integrity • Data privacy • DCE Security provides high level of security • RPC is integrated with DCE Security
RPC RPC Runtime Authentication Runtime Authentication Runtime RPC Runtime Client Server Obj1 Obj2 Obj3 Clients request services via authenticated RPC RPCs can use checksums for data integrity and encryption for data privacy Servers make access decisions using Access Control Lists attached to objects
RPC Security (1) • Sun RPC: • secure RPC services for authentication (man secure_rpc) with four options • Kerberos v5: authentication, per-session key generation • ssleay: free library functions implementing SSLv3, for authentication and encryption • Proposed standard: Generic Security Services Application Program Interface version 2 (GSS-API v.2) (RFC2078)
RPC Security (1) More Slides yet to be added !