Next: SESAME
Up: Survey of secure
Previous: Kerberos
The acronym CORBA stands for Common Object Request Broker
Architecture. CORBA is foremost a platform for distributed,
object-based computing. Behind CORBA is the Object Management
Group (OMG), a consortium originally of eight large
international information technology companies. Today, OMG has
over 500 member companies and organizations.
Within the CORBA architecture, the role of the Object Request
Broker (ORB) is to provide connectivity between objects.
CORBA Security Services [CHN94, The95] are
implemented inside the ORB, thus (to a degree) making them
transparently available to communicating objects.
The specification contains a reference model covering message
protection, access control, auditing, delegation,
and non-repudiation.
- Message protection is concerned with integrity and confidentiality
of object invocation communications.
- Access control in the ORB can be carried out both at the
client and at the target upon object invocation. Access control is
carried out using an access decision function according to the model
specified in [ISO96] (see section 6.3).
- Auditing is provided for in the specification both at the
initiating and target side of the ORB. What information should
be written to the audit trail is decided by a set of system audit
policies together with specific application audit policies.
- Delegation of privileges is often necessary when one object
needs to call upon another object to perform its own services (the
server becomes a client). The CORBA security reference model
allows for a wide variety of delegation models.
- Non-repudiation involves the creation of irrefutable
evidence of some event taking place. In contrast to the previously
listed security services, non-repudiation is under the control of
the applications utilizing the services. Non-repudiation can be used
for many purposes; common examples are non-repudiation of creation
and non-repudiation of receipt. In the first case, a creator of a
message who later denies having created it can be proved to be lying. In
the second case, non-repudiation services provide protection
against someone falsely denying having received a message.
The reference model also defines the concepts of security policy
domain (a grouping of objects to which the same security policies
apply) and security authority (the administrator of a security
domain).
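To make the reference model concrete, the following added example (not code from the CORBA specification or from this survey, and with all class, object and operation names assumed) models security policy domains, an access decision function evaluated first at the client side and then at the target side, and a per-domain system audit policy that decides which invocations reach the audit trail:

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Credentials:
    principal: str
    privileges: frozenset        # privilege attributes held by the principal

@dataclass
class SecurityPolicyDomain:
    """Grouping of objects to which the same security policies apply."""
    name: str
    required: dict = field(default_factory=dict)  # op -> privilege needed
    audited_ops: frozenset = frozenset()          # audit policy: ops to log

class ORB:
    def __init__(self):
        self.domain_of = {}      # object name -> SecurityPolicyDomain
        self.audit_trail = []    # (side, principal, target, op, outcome)

    def access_decision(self, creds, domain, op):
        """Access decision function: the domain's policy for op is met."""
        needed = domain.required.get(op)
        return needed is None or needed in creds.privileges

    def invoke(self, creds, client_obj, target_obj, op):
        """Check at the client side, then the target; each applies its domain."""
        for side, obj in (("client", client_obj), ("target", target_obj)):
            domain = self.domain_of[obj]
            allowed = self.access_decision(creds, domain, op)
            if op in domain.audited_ops:   # system audit policy of that domain
                self.audit_trail.append((side, creds.principal, target_obj, op,
                                         "granted" if allowed else "denied"))
            if not allowed:
                return False
        return True

def demo():
    # Constructed scenario: a front-office domain and a vault domain.
    orb = ORB()
    front = SecurityPolicyDomain("front-office", {"transfer": "teller"},
                                 frozenset({"transfer"}))
    vault = SecurityPolicyDomain("vault", {"transfer": "teller", "dump": "auditor"},
                                 frozenset({"transfer", "dump"}))
    orb.domain_of.update({"Teller1": front, "Ledger": vault})
    alice = Credentials("alice", frozenset({"teller"}))
    bob = Credentials("bob", frozenset())
    results = (orb.invoke(alice, "Teller1", "Ledger", "transfer"),
               orb.invoke(bob, "Teller1", "Ledger", "transfer"),
               orb.invoke(alice, "Teller1", "Ledger", "dump"))
    return results, orb.audit_trail
```

The third invocation passes the client-side check silently (the front-office domain neither restricts nor audits "dump") and is refused and recorded only at the target, which is the separation of client and target policy the reference model describes.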
The CORBA security specification goes on to specify in detail
the services outlined in the reference model.
matgu@ida.liu.se