Deborah J. Bodeau, The MITRE Corporation
Charles M. Schmidt, The MITRE Corporation
Vipin Swarup, The MITRE Corporation
F. Javier Thayer, The MITRE Corporation
This report describes the status of distributed object computing (DOC) security. It proposes a strategy to enable evolution to more secure DOC systems and secure interoperability among different DOC systems.
Three DOC paradigms are discussed: the Object Management Group's (OMG's) CORBA (Common Object Request Broker Architecture); composable objects, exemplified by Microsoft's Component Object Model (COM); and mobile objects, exemplified by Java with Remote Method Invocation (RMI). Of these, only CORBA was originally intended to enable distributed object computing. Because of this objective, the clarity and extent of its documentation, and its maturity, CORBA concepts and strategies are influential in the other paradigms.
This report is organized as follows: Section 2 presents a framework for characterizing DOC paradigms and an overview comparison of how key concepts are used, interpreted, or refined in the three representative paradigms. This framework is needed because documentation commonly mixes motivation, conceptual models, and technical details. Sections 3 through 5 present overviews of CORBA, COM, and Java RMI using this framework. These overviews are intended to highlight security concerns and to suppress the implementation details that make most presentations of the DOC technologies lengthy, complex, and hard to understand. Section 6 identifies security issues specific to the three paradigms and to interoperability among systems that use different paradigms. Section 6 also proposes strategies for resolving some of those issues. Section 7 presents initial progress following one strategy, that of developing firmer theoretical foundations. The list of references emphasizes resources that can be found on the World-Wide Web. The appendix provides a concise presentation of information about security-relevant objects, interfaces, and attributes to facilitate the development of interoperability bridges. This information is dispersed throughout the CORBASec, COM, and Java specifications and documentation.
