CS 603 CORBA Security, April 3, 2002
Security Service: Overview
• Goals
  • Confidentiality
  • Integrity
  • Accountability
  • Availability
• Where
  • IDL for security classes
  • Internal ORB checks
  • IIOP extensions for inter-ORB security
Key (visible) Features
• Authentication
  • Is the principal (user or object) who they claim to be?
• Authorization
  • Does a principal have the right to perform an operation?
• Auditing
  • Who is the source user (human) for an action?
• Communication
  • Ensure messages are not corrupted and (optionally) not intercepted
• Non-repudiation
  • Irrefutable evidence that an action has been performed
• Administration
  • How do we define the policy?
Specific Goals
• Simple
• Consistent
• Scalable
• Usable for end users
• Usable for administrators
• Usable for implementers
• Flexible access control
• Audit functionality profiles
• Technology neutral
• Application portability
• Interoperability
  • different vendors
  • secure to non-secure
  • different domains
  • different technology
• Performance
• Object-Oriented
• Conform to regulations
• Conform to standard evaluation criteria
Security Packages
• Main Packages (at least one required)
  • Level 1: Applications unaware of security
  • Level 2: Application control of policy
• Optional packages
  • Non-repudiation
• Replaceable packages
  • ORB services: Interceptor interfaces (security external to ORB), or
  • Security Service: Standard ORB interface
• Common Secure Interoperability
  • Level 0: Identity based policies without delegation
  • Level 1: Identity with unrestricted delegation
  • Level 2: Identity and privilege policies, controlled delegation
• SECIOP Interoperability package
• Security Mechanism Packages
  • SPKM protocol – CSI level 0 (basic public key)
  • GSS Kerberos – CSI level 1
  • CSI-ECMA – CSI level 2 (SESAME)
  • SSL – CSI level 0
  • SECIOP + DCE-CIOP interoperability
So how does it work?
• Credentials
  • Client obtains credentials giving the principal’s security attributes
    • Identity
    • Privilege: Groups, Roles, Capabilities, Clearances
  • Also Public (unauthenticated) credentials
  • Credentials can selectively be attached to an object reference
• Delegation
  • None – reference uses its own credentials
  • Simple – reference runs as the principal
  • Combined – reference gets a merge of self and principal
  • Composite – reference gets two sets of credentials (can trace)
  • Time restrictions on delegation
Responsibilities
• Enterprise manager
  • Type of access control policy
  • Level of auditing
  • Level of protection
• End user
• Application Developer
• Administrator
  • Domain administration, user creation, etc.
• Object system implementer
  • Install ORBs/services
Interfaces
• Level 1:
  • Current:get_attributes – get credentials of the invoking principal
• Level 2:
  • PrincipalAuthenticator
    • Credentials Authenticate()
    • _authentication() – for multi-step authentication
  • Credentials
    • Set_security_features(), Get_security_features()
      • Delegation allowed? Secure communication?
    • Set_privileges() – Set group, role, clearance
      • Also identity: AuditId, AccountingId, NonRepudiationID
    • Get_attributes() – given types, get values
    • Is_valid() – Is the credential timed-out?
    • Refresh() – renew a timed-out credential
Interfaces (Level 2, continued)
• SecurityLevel2::Object (CORBA::Object)
  • Override_default_credentials()
  • Override_default_QOP() – communication
  • Get_security_features()
  • Get_active_credentials()
• Current – security aspects of a given call
  • Get_attributes() (Security level 1)
  • Get_credentials()
  • Set_credentials()
  • Received_credentials
  • Received_security_features
Interfaces (Level 2, continued)
• AuditChannel
  • Audit_write() – write to log
• AuditDecision
  • Audit_needed()
  • Audit_channel
• AccessDecision
  • Access_allowed()
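The four delegation modes from the "So how does it work?" slide, checked against an AccessDecision-style access_allowed() and an audit record, as an added example in plain Python rather than CORBA IDL (not code from the lecture or any ORB). The class names, the "kind:value" privilege encoding and the sample principals alice and svc are this example's assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import FrozenSet, List

# Constructed model of the slides' delegation modes and AccessDecision check.
# Names and the "kind:value" privilege encoding are this example's assumptions.
class Delegation(Enum):
    NONE = "none"            # reference uses its own credentials
    SIMPLE = "simple"        # reference runs as the calling principal
    COMBINED = "combined"    # one credential: merge of self and principal
    COMPOSITE = "composite"  # two credential sets, so the chain can be traced

@dataclass(frozen=True)
class Credentials:
    identity: str
    privileges: FrozenSet[str]  # groups, roles, clearances as "kind:value"
    valid: bool = True          # is_valid(): False once the credential has timed out

def delegate(self_creds: Credentials, received: Credentials,
             mode: Delegation) -> List[Credentials]:
    """Credentials an intermediary object attaches to its outgoing call."""
    if mode is Delegation.NONE:
        return [self_creds]
    if mode is Delegation.SIMPLE:
        return [received]
    if mode is Delegation.COMBINED:
        # The merge keeps only the intermediary's identity; the caller is no longer visible.
        merged = self_creds.privileges | received.privileges
        return [Credentials(self_creds.identity, merged, self_creds.valid and received.valid)]
    return [self_creds, received]  # COMPOSITE: both sets travel, both identities stay visible

def access_allowed(presented: List[Credentials], required: FrozenSet[str]) -> bool:
    """AccessDecision.access_allowed(): every required right must come from a valid credential."""
    granted = set()
    for cred in presented:
        if cred.valid:
            granted |= cred.privileges
    return required <= granted

def audit_identities(presented: List[Credentials]) -> List[str]:
    """What AuditChannel.audit_write() could record: the identities behind the call."""
    return [cred.identity for cred in presented]

# Constructed sample: a user calling through a backend service to a target that
# demands both a backend group membership and a secret clearance.
ALICE = Credentials("alice", frozenset({"role:clerk", "clearance:secret"}))
SVC = Credentials("svc", frozenset({"group:backend"}))
REQUIRED = frozenset({"group:backend", "clearance:secret"})
```

With this target policy only the Combined and Composite modes pass, and only Composite leaves both identities in the audit trail, which is the trade-off the slide's "(can trace)" remark points at.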
Security Domains
• Policy – common security policy
  • Hierarchical
  • Federated
  • Domains for different policies may overlap
• Environment – area with local enforcement
• Technology – same mechanisms