Secure Network Objects
We describe the design and implementation of secure network objects, which provide security for object-oriented network communication. The design takes advantage of objects and subtyping to present a simple but expressive programming interface for security, supporting both access control lists and capabilities. The implementation of this design fits nicely within the structure of the existing network objects system; we discuss its internal components, its performance, and its use in some applications.
KeywordsIdentity Object Address Space Secure Channel Object Management Group Common Object Request Broker Architecture
Unable to display preview. Download preview PDF.
- 3.Luca Cardelli. A language with distributed scope. Computing Systems, 8(1):27–59, January 1995.Google Scholar
- 4.W.R. Cheswick. An evening with Berferd, in which a hacker is lured, endured, and studied. In Proceedings of the Usenix Winter’ 92 Conference, 1992.Google Scholar
- 5.R.H. Deng, S.K. Bhonsle, W. Wang, and A.A. Lazar. Integrating security in CORBA based object architectures. In Proceedings of the 1995 IEEE Symposium on Security and Privacy, pages 50–61, May 1995.Google Scholar
- 7.Li Gong. A secure identity-based capability system. In Proceedings of the 1989 IEEE Symposium on Security and Privacy, pages 56–63, May 1989.Google Scholar
- 8.Graham Hamilton. Personal communication, 1994 and 1996.Google Scholar
- 9.Paul Ashley Karger. Improving Security and Performance for Capability Systems. PhD thesis, Cambridge University, October 1988.Google Scholar
- 13.J. Mitchell, J. Gibbons, G. Hamilton, P. Kessler, Y. Khalidi, P. Kougiouris, P. Madany, M. Nelson, M. Powell, and S. Radia. An overview of the Spring system. In IEEE Compcon Spring 1994, February 1994.Google Scholar
- 14.R. Molva, G. Tsudik, E. van Herreweghen, and S. Zatti. Kryptoknight authentication and key distribution system. In Proceedings of the European Symposium on Research in Computer Security, November 1992.Google Scholar
- 15.Sape J. Mullender, Andrew S. Tanenbaum, and Robbert van Renesse. Using sparse capabilities in a distributed operating system. In Proceedings of the 6th IEEE conference on Distributed Computing Systems, June 1986.Google Scholar
- 16.National Bureau of Standards. Data encryption standard. FIPS 47, 1977.Google Scholar
- 17.Roger Needham. Names. In Sape Mullender, editor, Distributed Systems, chapter 12, pages 315–327. Addison-Wesley, second edition, 1993.Google Scholar
- 18.Greg Nelson, editor. Systems Programming with Modula-3. Prentice Hall, 1991.Google Scholar
- 19.Object Management Group. Common object request broker architecture and specification. OMG Document number 91.12.1.Google Scholar
- 20.Object Management Group. OMG documents. See URL: http://www.omg.org/.
- 21.Open Software Foundation. Introduction to OSF DCE. Revision 1.0, 1992.Google Scholar
- 22.R.L. Rivest and S. Dusse. RFC 1321: The MD5 message-digest function. Internet Activities Board, 1992.Google Scholar
- 23.Marc Shapiro. Structure and encapsulation in distributed systems: The proxy principle. In IEEE International Conference on Distributed Computer Systems, May 1986.Google Scholar
- 25.J.G. Steiner, C. Neuman, and J.I. Schiller. Kerberos: An authentication service for open network systems. In Usenix 1987 Winter Conference, pages 191–202, January 1988.Google Scholar
- 26.Sun Microsystems. RFC 1057: RPC: Remote procedure call protocol specification: Version 2. Internet Activities Board, June 1988.Google Scholar