Securing Java RMI-based distributed applications

Author

Li, Ninghui ; Mitchell, John C. ; Tong, Derrick

Author_Institution

CERIAS, Purdue Univ., West Lafayette, IN, USA

fYear

2004

fDate

6-10 Dec. 2004

Firstpage

262

Lastpage

271

Abstract

Both Java RMI and Jini use a proxy-based architecture. In this architecture, a client interacts with a service through a proxy, which is code downloaded from a directory and installed on the client´s machine. An attacker who controls the communication channels or the directory may compromise the confidentiality and integrity of the client and of the service. We present a security architecture that protects both clients and services in distributed proxy-based computing. In this architecture, the service registers a signed authentication proxy with the directory. The client, after downloading a signed authentication proxy from the directory, verifies the signature on the proxy, authenticates itself to the service through the proxy, and receives a dedicated session proxy for the service over a secure channel. We also describe a Java-based toolkit that implements the security architecture. This toolkit enables developers to add security to Java RMI-based applications with minimal implementation effort.

Keywords

Java; client-server systems; message authentication; remote procedure calls; virtual machines; Java RMI-based distributed application; Java-based toolkit; distributed proxy-based computing; proxy-based architecture; security architecture; service register; signed authentication; Application software; Authentication; Communication system control; Computer architecture; Distributed computing; Information security; Java; Protocols; Virtual machining; Virtual manufacturing;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer Security Applications Conference, 2004. 20th Annual

ISSN

1063-9527

Print_ISBN

0-7695-2252-1

Type

conf

DOI

10.1109/CSAC.2004.34

Filename

1377233