3.11 What papers about CORBASEC and related issues are out there?

 

Jim Williams

(June, 1998): The document "CORBA Threat-Mitigation Model" was presented to the Security SIG at the June '96 meeting in Washington DC. It is available as document 98-06-01 at http://www.omg.org/docs/security/

Rudolf Schreiner

(September, 1998)¹⁰ : A good paper on CORBASEC is Ulrich Lang's M.Sc. thesis: http://www.cl.cam.ac.uk/~ul201/mscdissertation.pdf

B.G. Mahesh

(October, 1998)¹¹ :

• Charles Cavanaugh. CORBA Security White Paper. Advance Software, Switzerland (www.corba.ch)
• Kyeongbeom Kim, Youngkyun Kim, Youngkee Song, Soran Ine. A Software Platform for Secure Applications based on CORBA. IEEE, 1997.
• Susan L. Chapin, William R. Herndon, LouAnna Notargiacomo. Security For The Common Object Request Broker Architecture (CORBA). IEEE, 1994.
• Robert H. Deng, Shailendra K. Bhonsle, Weiguo Wang, Aurel A. Lazar. Integrating Security in CORBA Based Object Architectures. IEEE, 1995.

Konstantin Beznosov

(November, 1998): There is a technical report from IBM that describes a mathematical model of CORBA access control mechanisms and also shows how Mandatory Access Control (MAC) policy could be realized using CORBA Security. The paper reference is the following:

G'unter Karjoth. Analysis of Authorization in CORBA Security. Technical report, IBM Research Division, Zurich Research Laboratory, December 1996.

Also, OMG Security Working Group released ``OMG White Paper on Security'' in 1994, where they described issues with security design in distributed object systems and outlinened CORBASEC model. The paper available at the OMG site as document 94-04-16.

Nick Battle

(September, 1998)¹² : There is a white paper at http://www.peerlogic.com/sbs/dais/security.pdf that gives an overview of CORBA Security.