Research And Implementation On Access Control Policy In CORBA Security

With the wide use of CORBA(Common Object Request Broker Architecture), CORBA security is confronted with a real challenge. Especially the access control of numerous objects in CORBA is the bottleneck to construct the high-powered environment of security. As an advanced means of access control, the strongpoint of RBAC(Role-Based Access Control) is making off the roles which separates the users from the permissions according to the security requirements for the relevant assignments. Therefore RBAC can be used to solve the complicated access control in CORBA security.Based on analyzing the feasibility of implementing RBAC into CORBA, the system architecture of RICS(RBAC In CORBA System) is proposed with the support offered by CORBA security services. And the detail designs for the key components are followed. The frame of PKIX(Public Key Infrastructure based on X.509) for identity authentication is responsible for the principal authentication. The interceptors in CORBA guarantee the security to the access control after implementing RBAC into CORBA. Policy Factory is designed to manage the policy objects and the configurations of RBAC, which achieves the central management of access control policies. The steps for access decision are optimized by policy factory and the tailored figure of invoking objects. In conclusion, the design of RICS is in view of being configurable and extensible.The process of access control actualized by the interceptors falls into three successive phases of creating the credential, binding and access decision based on RICS and the suitable points to intercept. Then the CORBA application example of PMS(Projects Management System) is presented. The interceptor can ensure that access control will occur before any request gets to the server.The result of implementing PMS proves that RICS realizes the automatic role activation by the objects communication. That makes the access control policies more flexible and effective. The whole system is adaptable to the frequently changed configuration of RBAC.