Design And Implementation Of CORBA-Based Distributed System Security Architecture

The purpose of CORBA was to deal with the connection of different hardware and software system in the distributed computing environment, to strengthen the interoperability of software between the network, to solve the shortage of distribute computing pattern. CORBA has defined a software component construction method allowed different applications to share their software component which is built by this method. Every object encapsulated its'particulars of internal functions, meanwhile, offered an accurate defined interface to external applications, thereby reduce the complexity of the application system also cut down the expenditure during software engineering.Because of the distributed characteristic of CORBA system, it made CORBA system could being accessed by the external attacks much easier than other system, security is becoming a major task of CORBA system engineering. This dissertation is mainly based on CORBA security reference model, posed an OpenSSL-based CORBA security service architecture, which mainly includes two modules: security service model and certificate administration model, the communication encryption, authentication, access control, certificate generation, certificate issuance, certificate revocation, certificate revocation list update functions has been realized.Encrypted communications designed primarily on the basis of API functions from OpenSSL's SSL library and the security achievement of CORBA implementation, it was benefited from the independency characteristic of SSL protocol application layer, there is no need to achieve the complex SECIOP protocol. Authentication based on SSL authentication mechanism,it was accomplished by SSL handshake protocol, and it was Simple and effective. Access control is mainly based on the OpenSSL related X.509 certificate API.Certificate generation, certificate issuance, certificate revocation, Certificate Revocation List Update, etc, functions is chiefly depend on OpenSSL-related CA API, OpenSSL CA catalog architecture and command line tools offered by OpenSSL.In the end of this dissertation, an example is given. Integrated the security architecture that referred by the dissertation into tax control system.