Design and implementation of a secure wide-area object middleware

To link to full-text access for this article, visit this link: http://dx.doi.org/10.1016/j.comnet.2006.11.008 Byline: Bogdan C. Popescu (a), Bruno Crispo (a)(b), Andrew S. Tanenbaum (a), Arno Bakker (a) Keywords: Distributed systems; Security; Middleware; Wide area replication Abstract: Wide-area service replication is becoming increasingly common, with the emergence of new operational models such as content delivery networks and computational grids. This paper describes the security architecture for Globe, an object-based middleware specifically designed to support dynamic replication of services over wide-area networks. Replication introduces a series of new security issues, including the need to restrict replica privileges with respect to method execution, and protection of distributed objects against malicious hosts running instances of their code. Our modular security design addresses these new threats, as well as a broad range of traditional ones, and is validated through a series of performance measurements. Additional contributions include a novel authentication mechanism specifically designed for wide-area deployment, which combines some of the best features of public key authentication protocols (reliance on an offline trusted third party in particular) with the computational efficiency characteristic to symmetric key schemes. Author Affiliation: (a) Dept. of Computer Science, Vrije Universiteit, De Boelelaan 1081A, 1081 HV Amsterdam, The Netherlands (b) DIT, University of Trento, Italy Article History: Received 2 January 2006; Revised 18 October 2006; Accepted 3 November 2006 Article Note: (miscellaneous) Responsible Editor: L. Salgarelli