Riechmann, Thomas: Security in Large Distributed, Object-Oriented Systems. Erlangen: FAU, 1996. TR-I4-96-02, internal report. 13 pages.
Abstract:
Today very large distributed, partially untrusted systems run on the Internet. As object orientation becomes more common in this environment, security questions arise: Java, for example, is a secure language as long as object-oriented interaction between clients and servers is handled with extreme caution. Current security concepts are not suitable for such environments. Distributed object-oriented applications must be adapted to run in a partially untrusted environment; often a complete code review or redesign is required, and often the security policy has to be implemented directly in the classes of the application.
We have designed a security concept for distributed object-oriented systems that separates the implementation of a class or an application from its security policy. Classes can be reused without modification, and the security configuration is done orthogonally, even when managing large distributed applications with untrusted parts.
Our concept is based on security meta objects, which can be implemented by the user and are bound to object references. A method call via such a reference is thus executed under the security policy defined by the meta object. The meta object protects not only the method call itself: object migration, reference passing and object passing by value that are initiated because of the method call are protected by it as well. Propagation of references can be controlled, and propagated references can be protected, without modifying the code of the application. As the interface of the meta objects does not have to be adapted to the controlled reference, we can define generic security policies that apply as defaults; security holes can, for example, be avoided by using a restrictive default.
Our concept applies especially to type-safe object-oriented languages such as Java, and it is designed to cause very little and in most cases no additional overhead.
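As an added illustration that is not code from the report, the interposition the abstract describes sketched in Java: a dynamic proxy stands in for the binding of a meta object to a reference, checks each call against the policy, and re-binds references returned by a guarded call so that propagated references stay guarded. The SecurityMetaObject interface, the Folder/Document application classes and the read-only policy are all assumptions made for this example.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.Set;

// Assumed meta-object interface: generic over the guarded type, so one
// policy can serve as the restrictive default for any reference.
interface SecurityMetaObject {
    boolean allow(Object target, Method m);
}
// Constructed application classes; they contain no security code at all.
interface Folder { Document open(String name); }
interface Document { String read(); void delete(); }
class FolderImpl implements Folder {
    public Document open(String name) { return new DocumentImpl(name); }
}
class DocumentImpl implements Document {
    private final String name;
    DocumentImpl(String name) { this.name = name; }
    public String read() { return "contents of " + name; }
    public void delete() { System.out.println("deleted " + name); }
}
public class MetaRef {
    // Bind a meta object to a reference by interposing a proxy. Every call
    // through the proxy is checked first; an interface-typed reference the
    // call returns is re-bound to the same meta object, so references that
    // propagate out of a guarded call stay guarded without touching the app.
    static Object bind(Object target, Class<?> iface, SecurityMetaObject meta) {
        InvocationHandler h = (proxy, m, args) -> {
            if (!meta.allow(target, m)) {
                throw new SecurityException("denied: " + m.getName());
            }
            Object result = m.invoke(target, args);
            Class<?> rt = m.getReturnType();
            return (result != null && rt.isInterface()) ? bind(result, rt, meta) : result;
        };
        return Proxy.newProxyInstance(iface.getClassLoader(), new Class<?>[] {iface}, h);
    }
    public static void main(String[] argv) {
        // Restrictive default: anything not listed is denied.
        Set<String> allowed = Set.of("open", "read");
        SecurityMetaObject readOnly = (t, m) -> allowed.contains(m.getName());
        Folder folder = (Folder) bind(new FolderImpl(), Folder.class, readOnly);
        Document doc = folder.open("report.txt"); // allowed; returned reference is guarded
        System.out.println(doc.read());            // allowed
        try { doc.delete(); }                      // denied by the propagated meta object
        catch (SecurityException e) { System.out.println(e.getMessage()); }
    }
}
```

The application classes never see the policy; swapping the meta object (for example, one that also permits delete) changes what the same references may do.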