Title :
Securing Java RMI-based distributed applications
Author :
Li, Ninghui ; Mitchell, John C. ; Tong, Derrick
Author_Institution :
CERIAS, Purdue Univ., West Lafayette, IN, USA
Abstract :
Both Java RMI and Jini use a proxy-based architecture. In this architecture, a client interacts with a service through a proxy, which is code downloaded from a directory and installed on the client´s machine. An attacker who controls the communication channels or the directory may compromise the confidentiality and integrity of the client and of the service. We present a security architecture that protects both clients and services in distributed proxy-based computing. In this architecture, the service registers a signed authentication proxy with the directory. The client, after downloading a signed authentication proxy from the directory, verifies the signature on the proxy, authenticates itself to the service through the proxy, and receives a dedicated session proxy for the service over a secure channel. We also describe a Java-based toolkit that implements the security architecture. This toolkit enables developers to add security to Java RMI-based applications with minimal implementation effort.
Keywords :
Java; client-server systems; message authentication; remote procedure calls; virtual machines; Java RMI-based distributed application; Java-based toolkit; distributed proxy-based computing; proxy-based architecture; security architecture; service register; signed authentication; Application software; Authentication; Communication system control; Computer architecture; Distributed computing; Information security; Java; Protocols; Virtual machining; Virtual manufacturing;
Conference_Titel :
Computer Security Applications Conference, 2004. 20th Annual
Print_ISBN :
0-7695-2252-1
DOI :
10.1109/CSAC.2004.34
