This new book is a clearly written, well structured guide to building secure distributed applications with CORBA. It helps securing CORBA applications, integrating security infrastructure with CORBA applications, and evaluating the security effectiveness of distributed applications. You get a comprehensive study of the CORBA security architecture, providing you with a better understanding of its goals and limitations. It serves as your complete reference for understanding security in distributed systems. The book also generously illustrates the usage of the MICOSec CORBA security services implementation, including important information on the installation and configuration of MICOSec, the usage of two different kinds of application-facing interfaces, and the configuration of CORBA security for applications that do not contain any security-related modifications.
Part I: CORBA Security ; Introduction to CORBA - Why CORBA? The Object Management Group (OMG). The Object Management Architecture (OMA). The Common Object Request Broker Architecture (CORBA). How does it all work together?; Creating and Running an Example Application; The Security Basics - What is Security? Why Security? Aspects of Security within CORBA. Security Management. Threats, Vulnerabilities, Countermeasures. Middleware Security ; The CORBA Security Architecture - Design Goals. Architectural Components. Secure CORBA on the Internet. Conformance. Features or Wish List?; Part II: MICOSec Getting Started with MICOSec - Free Software. MICO Installation. MICOSec Installation; Security Level 1 - Level 1 Functionality. Level 1 Interface. A Security-Aware Bank Application Example. Implementation Overview and Conformance.; Security Level 2 - Level 2 Functionality Overview. Principal Authentication and Secure Association. ; Object Domain Mapper for Access Control and Audit. Access Control. Security Auditing. Delegation. ; Implementation Overview and Conformance; Security-Unaware Functionality - Security-Unaware Functionality Overview. Principal Authentication and Secure Association. Object Domain Mapping. Access Control. Security Auditing. Delegation. Implementation Overview and Conformance;
-
Ulrich Lang
Ulrich Lang, a researcher at the University of Cambridge Computer Laboratory, co-founder and Research Director of ObjectSecurity Ltd., received his M.Sc. in Information Security from Royal Holloway College, at the University of London. Before that, he studied computer science with management at the Ludwig-Maximilians-Universitat in Munich, Germany.
-
Rudolf Schreiner
Rudolf Schreiner, co-founder and Chief Technology Officer of ObjectSecurity Ltd., a consultancy specialized in distributed systems security, received his Dipl.-Phys. from Ludwig-Maximilians-Universitat in Munich (Germany) in 1993. Before his career at ObjectSecurity Ltd., he worked as a freelance programmer and consultant on various computer security projects.