Computer Science (Jan 1999)
The Internet Inter-Orb Protocol Security Bridge
Abstract
In this paper, we present a security bridge for the Internet protocol of interoperability amongst CORBA objects and the Internet inter-ORB Protocol (IIOP). The bridge helps in making accessible objects in the Internet and makes possible the access control to them. The bridge was realized in the popular request broker the Visigenic's VisiBroker under Windows 95/NT and Solaris 2.X operating systems. We describe two ways of locating the bridge in the request broker. The first means uses one name domain of broker and is not transparent for client. The second one uses two name domains and provides objects protection on the level of the Naming Service and is transparent lor the client. We also describe the variant ofthe second means with using GateKeeper server to support IIOP tunneling within HTTP. We emphasize the importance of a firewall, cooperating with a bridge. which is required for the purpose of providing object protection. The paper presents an original conception of security managing, basing on the ideas of users, groups and resources defined using the standard terms of CORBA, IIOP and TCP/IP, that allows to control positively and negatively the access to classes (interfaces), objects and also to their individual methods. This conception was effectively implemented in a functioning bridge. Further chapters describe the foundations and some details of the bridge implementation sueli as the use ofthe Interface Repository, cache memory application, thread synchronization and the way of synchronization of the configuration applet with the bridge's objects. We discuss the influence of these solutions on the efficiency ofthe bridge and its source code portability. We also present the general structure of the component objects ofthe bridge with a scheme. ln the next part we characterize the implementation foundations ofthe bridge manager, realized as an applet in Java, with the stress on the possibility of the bridge configuration through the network. Later, we describe the functionality ofthe bridge manager, which allows the configuration of all the important parameters ofthe bridge and of the security management. The next chapter discusses the conclusions l`roin the eflieiency tests ofthe two main bridge layers the bridge manager and the bridge (proxy mechanism), the influence of the usage memory caching on its efficiency. We provide there also an overall evaluation of the obtained results The last chapter includes a summary and discusses the bridge advantages and limitations as well as its evolution possibilities.
