Security for the Common Object Request Broker Architecture (CORBA)

Over the last several years, there has been an emphasis on distributed client/server computing in business as well as government. A useful means of achieving this capability is through the use of object technology. Distributed object systems offer many benefits, such as downsizing and right sizing, resulting in a trend toward small, modular, commercial or government off-the-shelf components as a means of system development. Distributed object management standards, such as the Common Object Request Broker Architecture (CORBA) specification are aiding the integration process. One area of distributed object systems that has received little attention to date is security. Security is a difficult problem in traditional software systems, and adding distribution and use of object-oriented techniques just increases the complexity of the problem. The Object Management Group (OMG) is beginning to solicit proposals from vendors for handling security in a distributed object environment. This paper gives an overview of distributed object management and standards being specified by the OMG. It applies traditional security engineering analysis to CORBA and highlights some of the security function interdependencies among CORBA components