Study And Implement On Security Attribute Service In CORBA

The security of Distributed Object Technology, which is a main supporting technology of distributed system, is always a focus of research in the field of the application of distributed system. Along with the development and more and more wide application of Internet and large-scale Intranet, most of the relationships between the request-entity and service-entity have been changed from direction into indirection. Service proxy and business agency have become important software forms in distributed system, which has become a new challenge to the traditional security model and mechanisms of distributed object system. It's an important and practical research project to solve the security problem inclusive of identity authentication and delegation in such complex environment.This paper does a research on the problem of the identity authentication and the security delegation in the distributed object technology based on CORBA Security Specification and the contents of CSIv2. At first, this paper introduces the authentication technology in distributed system and goes deep into the basic concepts and complex behaviors of the security delegation. Secondly, we analysis the content of the security attributes service protocol in CSIv2 and its mechanisms of authentication and delegation. Thirdly, the key techniques in the design and implementation of security have been studied and a framework to implement security attribute service has been brought forward. We have built a dynamic model of the disposition of security attribute service and described the algorithm of construction and verification of security attribute context. At last, we implemented the security attribute service conformed to CSIv2 LevelO on the platform of StarBus5.0 which is a CORBA middleware and conducted the test of function and security interoperation.The framework of the implementation of security attribute service in the paper is based on interceptor technology, which can add the security attribute service into the ORB core agilely and portably without modification of ORB core. This framework is a flexible structure and supports multi-level security agencies.The tests show that the module of security attribute service can provides the functions of client authentication and identity delegation based on user name and password for StarBus platform. At the same time, this module can interoperate with other ORB's security service and other CORBA security products based on various operating systems and programming languages. These features will add more mighty ability to integrate the system security to this platform and makes it possible for this platform to support the development of complex distributed system more perfectly.