Authorization in CORBA security

  • Günter Karjoth
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1485)


Integration of security and object-oriented techniques is critical for the successful deployment of distributed object systems. In December of 1995, the Object Management Group published a security service specification called CORBA Security to handle security in object systems that conform to the Object Management Architecture. This paper provides a rigorous definition of the authorization part of CORBA Security. Its semantics is given in terms of an access control matrix. The dependencies among the authorization elements are analyzed and possible interpretations for access control decision functions are given. The expressivity of the authorization model to define a wide range of policies, in particular mandatory access control, is discussed.


authorization object access control CORBA distributed object systems 





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Günter Karjoth (1)
  1. IBM Research Division, Zurich Research Laboratory, Switzerland
