Object Security

Dec 16, 2012

F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
&25%$DVD6HFXUH3ODWIRUP
IRU0RELOH$SSOLFDWLRQV
5XGROI6FKUHLQHU
8OULFK/DQJ
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Agenda
•Platforms for mobile applications
•Secure CORBA
•CORBA on a mobile device
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Limitations of Mobile Apps
•Until recently mobile applications were limited by:
  •Network bandwidth (GSM: 9600 bps)
  •Computing resources (e.g. PalmPilot with slow CPU and small memory)
•Only very simple applications possible
•In the future:
  •Sufficient technical resources
  •High costs and business risks
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Future Mobile Applications
•Customers are not willing to pay more for better speech quality and SMS
•Only new and attractive applications will motivate customers to pay for high-bandwidth services
•Problem now: Rapid deployment of attractive applications
•Standard platform needed
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Application Types
Two main application types:
•Wireless World Wide Web (W4)
  •Mass market
  •Similar to WWW
  •Standard software both for client and server, only content must be provided
  •Direct user interaction
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Application Types
•Customer-specific applications
  •Many different applications for niche markets
  •Application-specific software on client and server
  •Mobile device full part of complex distributed application
  •Often no direct user interaction
  •Communication device part of larger hardware
  •Mission critical, e.g. in C4I
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Distributed applications
•Fleet management
•Traffic management
•Navigation
•Data acquisition
•Home management
•Health care
•...
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
CORBA
•Common Object Request Broker Architecture Middleware
•Vendor-independent standard for developing distributed applications
•Supports method invocations across different network types, hardware platforms, operating systems and programming languages
•Provides several services, e.g. naming, security, transaction
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
MICOSec
•Standard CORBA Object Request Broker (ORB) with full security services
•Based on:
  •MICO ORB
  •OpenSSL library
  •PostgreSQL database
•Originally developed for research
•Work in progress
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
MICOSec Main Features
•Security level 2 version 1.7
•Security aware and security unaware applications
•All features of MICO 2.3.6, including POA
•SSLIOP based on SSL v3 with different ciphers
•Extended attributes for X.509 and environment information
•Plain IIOP
•Authentication
•Message protection
•Policies for secure associations
•Extended level 1 interfaces
•Auditing into file/syslog/RDBMS
•Secure interoperability with other ORBs
•Domain based access control and auditing
•Security Domain Membership Management
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Wireless CORBA
•Proof of concept: Test CORBASec on mobile devices
•MICOSec was ported to a Compaq iPAQ 3630 PocketPC under Linux
•Full server functionality and security are supported
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Wireless CORBA
•Practical Evaluation
  •Simple demo with TCL/TK
    •Rapid development with scripting language
    •Only client functionality
  •More complex applications with GUI toolkits
    •QT and GTK for GUI development
    •Server functionality and callbacks supported
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Results of Evaluation
•MICOSec fits on the PocketPC
•Application development is very simple
•Porting of existing applications is straightforward
•IIOP overhead is acceptable over WLAN and 115 kbps serial connection
•Performance is more than adequate, bottleneck is RSA authentication (ca. 1 s)
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Results of Evaluation
•Main issues:
  •Graphical user interfaces need adaptation
  •Power consumption
•Both issues are not directly related to CORBA
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
Conclusion
•Secure CORBA on mobile devices usable
•Application development and porting of existing applications is easy
•Wireless CORBA allows the seamless integration of mobile devices into existing CORBA applications
F2EMHFW6HFXULW\/WG±DOOULJKWVUHVHUYHG
0RELOH&25%$6HF
2EMHFW
6HFXULW\
TM
www.objectsecurity.com
info@objectsecurity.com
TM