Publication


Featured research published by Ulrich Lang.


Archive | 2000

The Challenges of CORBA Security

Ameneh Alireza; Ulrich Lang; Marios Padelis; Rudolf Schreiner; Markus Schumacher

Large, distributed applications play an increasingly central role in today’s IT environment. The diversity and openness of these systems have given rise to questions of trust and security. It is the aim of the project Secure TINA to examine exactly these questions and try to find possible solutions. The focus lies on OMG’s Common Object Request Broker Architecture (CORBA) as a basis technology for developing distributed systems and on the Security Service specified for it, since this seems to be the most promising technology in the field. The followed approach is thereby twofold. At first, a thorough analysis of the specification itself and known implementations thereof is performed, based also on experiences in the broader area of distributed systems security. At a second, more practical stage, the attempt to develop an own, prototypical implementation of CORBA Security is undertaken, with the main objective of gaining as much practical experience as possible and experimenting with possible alternatives to find a solution to the problems encountered.


IEEE Distributed Systems Online | 2006

Integrating Security Policies via Container Portable Interceptors

Tom Ritter; Rudolf Schreiner; Ulrich Lang

Enforcing appropriate security policies in distributed, component-based applications is difficult. A generic framework to define and evaluate security policies is necessary, and that framework must be integrated with the middleware platform. The middleware must provide the necessary hooks to intercept calls and obtain the information required for security enforcement. We designed and developed a security framework, integrated it into the CORBA component model middleware platform, and evaluated it in a real-world project.


Electronic Notes in Theoretical Computer Science | 2000

Flexibility and Interoperability in CORBA Security

Ulrich Lang; Rudolf Schreiner

This paper will discuss the fundamental clash between flexibility and interoperability in CORBA security and in distributed object systems security in general. Also, the impact of flexibility and interoperability issues on the security of such systems will be covered. By presenting various relevant technical issues in CORBA security, this paper tries to identify where a reasonable trade-off between flexibility and interoperability is achieved and where CORBA security has unnecessary flexibility or interoperability limitations.


Proceedings of the 4th workshop on Reflective and adaptive middleware systems | 2005

Integrating security policies via Container Portable Interceptors

Tom Ritter; Rudolf Schreiner; Ulrich Lang

Enforcing appropriate security policies in distributed, component-based applications is difficult. A generic framework to define and evaluate security policies is necessary, and that framework must be integrated with the middleware platform. The middleware must provide the necessary hooks to intercept calls and obtain the information required for security enforcement. We designed and developed a security framework, integrated it into the CORBA component model middleware platform, and evaluated it in a real-world project.


Innovations in Systems and Software Engineering | 2015

Proximity-Based Access Control (PBAC) using Model-Driven Security

Ulrich Lang; Rudolf Schreiner

Unfortunately, well-established classic security models for access control are often not sufficient anymore for many of today’s use cases and IT landscapes, including for example Internet of Things (IoT) and big data analytics. Access control (and security/privacy in general) requirements and implementations have frequently become very different, and more challenging, compared to conventional enterprise or internet-facing IT environments. More sophisticated approaches based on fine-grained, contextual, dynamic access control are required. This paper focuses on “Proximity Based Access Control” (PBAC), a particularly advanced access control approach that can implement flexible, proximity-based, dynamic, contextual access. PBAC, together with Attribute Based Access Control (ABAC) and Model Driven Security (MDS), is used to express and enforce such security and privacy requirements. Section 1 motivates the need for advanced access control for many of today’s environments. Section 2 first introduces ABAC, then section 3 discusses PBAC within the context of ABAC. Section 4 introduces MDS. Finally, section 5 presents a detailed Intelligent Transport Systems (ITS) example of PBAC, implemented using MDS and an extension of ABAC.


Innovations in Systems and Software Engineering | 2009

Managing business compliance using model-driven security management

Ulrich Lang; Rudolf Schreiner

Compliance with regulatory and governance standards is rapidly becoming one of the hot topics of information security today. This is because, especially with regulatory compliance, both business and government have to expect large financial and reputational losses if compliance cannot be ensured and demonstrated. One major difficulty of implementing such regulations is caused by the fact that they are captured at a high level of abstraction that is business-centric and not IT-centric. This means that the abstract intent needs to be translated in a trustworthy, traceable way into compliance and security policies that the IT security infrastructure can enforce. Carrying out this mapping process manually is time-consuming, maintenance-intensive, costly, and error-prone. Compliance monitoring is also critical in order to be able to demonstrate compliance at any given point in time. The problem is further complicated because of the need for business-driven IT agility, where IT policies and enforcement can change frequently, e.g. Business Process Modelling (BPM) driven Service Oriented Architecture (SOA). Model Driven Security (MDS) is an innovative technology approach that can solve these problems as an extension of identity and access management (IAM) and authorization management (also called entitlement management). In this paper we will illustrate the theory behind Model Driven Security for compliance, provide an improved and extended architecture, as well as a case study in the healthcare industry using our OpenPMF 2.0 technology.


Future Generation Computer Systems | 2000

CORBA security on the Web—an overview

Ulrich Lang

CORBA is a useful platform for world wide web based applications because it abstracts many of the inherent complexities of open distributed applications. Also, CORBA allows the transparent provision of security which is critical for many web based applications, e.g. electronic commerce. This paper outlines the principal security considerations for web-based CORBA applications and presents some of the implementation options to meet these requirements. Special focus is given to the often overlooked problem of integrating secure CORBA-based applications with current firewall technology.


Archive | 2011

Security Policy Automation for Smart Grids: Manageable Security & Compliance at Large Scale

Ulrich Lang; Rudolf Schreiner

A smart grid is an electricity network that has been infused with information and digital communications technology to provide greater control, stability, reliability and flexibility of the power grid. Technology has been added from the consumer premise which includes appliances, thermostats, home energy managers and load control switches all the way back to the generation facilities. The combination of these technologies could potentially optimize demand management, save energy, reduce costs, increase reliability, connect alternative and home-generated energy sources to the grid (i.e. transmitting a bi-directional flow of energy), and evolve into a powerful platform for new business opportunities. In order for smart grids to achieve all objectives, cyber security and risks (e.g. cybercrime or cyber warfare) and privacy concerns must be overcome. The smart grid adds new entry points to the older technologies that are already vulnerable but were previously protected from exploit by physical isolation. Theoretical concerns have become practical realities as a number of vulnerabilities in the smart grid and power complexes have been exploited. After a general introduction to smart grids and smart grid security, this paper analyses security (control) and compliance (visibility) requirements for smart grids. In order to justify the need for security policy automation, the paper focuses on the hard-to-implement least privilege, information flow enforcement, and security incident monitoring/reporting/auditing requirements. The paper then presents “model-driven security policy automation” (control) and “model-driven security incident monitoring/analysis automation” (visibility) within the context of smart grids, and explains how alternative approaches such as identity and access management and authorization management are necessary but not sufficient on their own. The presented “model-driven security” (MDS) policy automation solution uniquely helps solve the challenge of capturing, managing, enforcing, and monitoring/analysing fine-grained, contextual technical authorization policies for small to large scale smart grids.


International Conference on Information and Communication Security | 2001

Cryptography and Middleware Security

Ulrich Lang; Dieter Gollmann; Rudolf Schreiner

Middleware gives applications an abstract view of the underlying technology. Access control policies define the authorisations of principals. When no suitable representation of principals is available on the middleware layer, policies resort to using verifiable identifiers of underlying cryptographic mechanisms. However, this approach collides with the aim of hiding mechanism-specific details, which include the underlying cryptographic mechanisms. This paper analyses the difficulties of fitting cryptographic mechanisms into a middleware security architecture without breaking either security or the original middleware design goals.


Information Security Technical Report | 1998

Security in CORBA-based electronic commerce systems

Dieter Gollmann; Ulrich Lang

Electronic commerce provides business with new ways of advertising and selling goods, services, and information to large groups of customers in dynamic open electronic commerce environments. In 1997, a total of 10 million PCs in the United States were used for shopping on the Internet, both for electronic and physical goods and services. This article addresses the technologies for realizing electronic commerce applications that go beyond the current state-of-the-art, focussing on the relevance of the CORBA framework for these solutions.

Collaboration

Top Co-Authors

Rudolf Schreiner

St John's Innovation Centre

Marios Padelis

Technische Universität Darmstadt

Markus Schumacher

Technische Universität Darmstadt