
The Research On Crucial Security Technologies Of Distributed Object Middleware

Posted on: 2004-12-25
Degree: Doctor
Type: Dissertation
Country: China
Candidate: M Teng
GTID: 1118360152457229
Subject: Computer Science and Technology

Abstract/Summary:
With the development of computer and network communication technology, the application mode of computers has evolved from centralized to distributed. The development of distributed computing has greatly accelerated the use of middleware in network information systems in numerous fields such as national defense, enterprise management, education, finance, telecommunication and so on. But the deeper these applications go, the more questions arise about the security of middleware, which has become the bottleneck of its development. The security of middleware, and especially of distributed object middleware, has attracted growing attention from researchers all over the world.

The mainstream direction in the development of distributed computing middleware technology is distributed object middleware, whose security service is the security architecture supporting security functions such as encryption, authentication, access control, delegation, audit, non-repudiation, certificate signing and so on. But many questions remain in the design and realization of the architecture and the functions of the security service.

In this paper, we discuss the key technologies in the security service of middleware, including security architecture, access control, delegation and certificate signing, and we realize the security service of the middleware product StarBus based on these technologies. The following paragraphs discuss the main work in detail.

1. We studied CSRA (CORBA Security Reference Architecture), the reference architecture of the middleware security service. By analyzing the functions that the architecture should provide, we obtain the function model. We give different views of the architecture from the perspectives of users, developers and administrators. Finally, we propose a security architecture, ECSA (Enhanced CORBA Security Architecture), based on CSRA.

2. To resolve the security problems that occur when certificates are used for authentication and access control, we propose a new proactive signature algorithm that solves the problem of the confidentiality and availability of the CA signature private key. The algorithm divides the lifespan of the signature private key into several short consecutive lifecycles, and the signature private key is shared among several servers; as long as the number of servers that have been attacked in each cycle is less than the value we set, the security and availability of the signature private key can be ensured. In addition, we have proved the security and robustness of the algorithm and realized it with the help of object middleware.

3. By combining RBAC (Role Based Access Control) with the rights model, we propose and construct a role-right based access control model, RRBAC, based on ECSA, and give a formal description of the model. After analyzing the functions of the model, we divide them into system functions, administration functions and inquiry functions. Using Z notation, we give a precise mathematical description for implementing the functions of the applications, and find some problems in the access control standard interfaces defined in CORBASec.

4. Based on ECSA, we propose three different delegation protocols. In distributed applications, the use of delegation brings many threats, including no permission, rights abuse, information disclosure, information tampering, man-in-the-middle attack, unclear accountability and communication prevention. To face these challenges, we give three different delegation protocols using public-key cryptography, and analyze the threats resolved by each protocol. Finally, we describe how to implement these protocols using Secure Socket Layer (SSL).

5. Based on the four aspects of research discussed above, we realize the security service in the middleware product StarBus, including architecture, authentication, secure object invocations, communication protection, access control, audit, delegation, security administr...
Keywords/Search Tags:Distributed Computing, Object-Oriented, Middleware, Security Service, Access Control, Delegation, Proactive Signature
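
The share-and-refresh idea behind a proactive scheme such as the one in point 2 of the abstract, shown as an added example: this is a generic Shamir secret sharing construction with per-period refresh, not the dissertation's algorithm (which the abstract does not specify) and not StarBus code. The field modulus, the function names and the 3-of-5 setting are assumptions, and the key is reconstructed here only to make the effect visible.

```python
# Added illustration: Shamir sharing with per-period share refresh.
# Generic construction and hypothetical names, not the dissertation's algorithm.
import secrets

P = 2**127 - 1  # prime field modulus (constructed demo parameter)

def _poly_eval(coeffs, x):
    """Evaluate a polynomial (lowest-degree coefficient first) at x mod P."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % P
    return y

def share(secret, t, n):
    """Split secret into n shares; any t of them reconstruct it."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: _poly_eval(coeffs, i) for i in range(1, n + 1)}

def refresh(shares, t):
    """Start a new period: every server deals a random polynomial with a
    zero constant term, so all shares change but the shared key does not."""
    new = dict(shares)
    for _dealer in shares:
        delta = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
        for i in new:
            new[i] = (new[i] + _poly_eval(delta, i)) % P
    return new

def reconstruct(points):
    """Lagrange interpolation at x = 0 over {server_index: share} points.
    A real threshold signer would never rebuild the key in one place."""
    total = 0
    for i, y_i in points.items():
        num, den = 1, 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y_i * num * pow(den, -1, P)) % P
    return total

def demo(t=3, n=5):
    key = secrets.randbelow(P)  # stands in for the CA signing key
    period1 = share(key, t, n)
    period2 = refresh(period1, t)
    same_period = reconstruct({i: period2[i] for i in (1, 3, 5)})
    # Shares captured across periods: two from period 1, one from period 2.
    mixed = reconstruct({1: period1[1], 2: period1[2], 3: period2[3]})
    return key, same_period, mixed
```

`demo()` returns the key, the value rebuilt from three shares of the same period (equal to the key), and the value rebuilt from shares taken in different periods (not the key), which is why the compromise threshold applies per cycle rather than over the key's whole lifespan.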