The Research And Implementation Of Secure Delegation Based On CORBA

The distributed object technology is the important supporting technology of distributed system . It's security is the hotspot in the research field of security in distributed system. With the development of Internet and large scale Intranet, "Service proxy"and "Business agency" are becoming important forms of software.This is a challenge of the security model to the tradition distributed object system. It is a research work of general and practical meaning to solve the problem of the delegation-oriented access control and other related security problems in these complex environments.First of all, the thesis studies the security problem in distributed object system based on CORBA Security Service Specification (CORBASec). We particularize the complex behavior and the basic concept about delegation , introduce and analyse the Security Attribute Service (SAS) protocol in CORBA Common Secure Interoperability Specification (Version2.0). Then, we confirm how to regularly solve the problem of the authentication and authorization which is correlative with delegation based on CORBASec.There are three main components of the paper's research work.Firstly, Based on full analysis of the secure ORB, we point out the limitation that the current secure ORB of StarBus3.0 can not support delegation, and explain the reason. Then we propose a delegation-supporting access control model named CBDM based on COBRASec access control model. CBDM is an effective reference model for more advanced and complex secure interoperability.Secondly, based on CBDM , we design a delegation-supporting framework named CBDF. By using secure interceptors technology, it provides the basic function of delegation while at the same time ensures the expansibility and flexibility of secure ORB.Finally, the thesis proposes some methods which can envelop, transfer, filter and manage the security attributes by secure interceptors. Then, it provides the detailed design and realization about secure interceptor and correlative Interface.The thesis realizes the main components of CBDF based on StarBus, and provides an access control service supporting the security delegation mechanism.