CORBA Security: An Introduction to Safe Computing with Objects (The Addison-Wesley Object Technology Series) [Paperback]

Bob Blakley (Author), Robert Blakely (Author), Richard M. Soley (Foreword)

Book Description

Publication Date: October 27, 1999 | Series: Addison-Wesley Object Technology

The CORBAsecurity specification adopted by the Object Management Group (OMG) represents a major step forward in making object technology suitable for business application development. The specification document, however, is long, detailed, and complex; it is a time-consuming task for software developers to make their way through it, and it is inaccessible to CIOs and other technical managers who need to understand object security and its impact on their organizations. CORBA Security provides a readable and less technical overview of the specification and a guide to the security of object systems. Written from a policy point of view, the book will help you decide what security policies are appropriate for your organization and evaluate the object-based security options that can help you manage those policies. For those unfamiliar with basic security and object technology concepts, clear introductions to these topics will bring you up to speed. The book also provides a list of questions you can ask your secure object system vendor-questions that will get behind the jargon and acronyms and give you the information you need to determine just how safe the product really is. Readers will get an in-depth look at each element of computer security and how the CORBAsecurity specification fulfills each of these security needs. Topics covered include identification, authentication, and privilege; access control; message protection; delegation and proxy problems; auditing; and, non-repudiation. The author also provides numerous real-world examples of how secure object systems can be used to enforce useful security policies. 0201325659B04062001

Editorial Reviews

From the Back Cover

The CORBAsecurity specification adopted by the Object Management Group (OMG) represents a major step forward in making object technology suitable for business application development. The specification document, however, is long, detailed, and complex; it is a time-consuming task for software developers to make their way through it, and it is inaccessible to CIOs and other technical managers who need to understand object security and its impact on their organizations.

CORBA Security provides a readable and less technical overview of the specification and a guide to the security of object systems. Written from a policy point of view, the book will help you decide what security policies are appropriate for your organization and evaluate the object-based security options that can help you manage those policies.

For those unfamiliar with basic security and object technology concepts, clear introductions to these topics will bring you up to speed. The book also provides a list of questions you can ask your secure object system vendor-questions that will get behind the jargon and acronyms and give you the information you need to determine just how safe the product really is.

Readers will get an in-depth look at each element of computer security and how the CORBAsecurity specification fulfills each of these security needs. Topics covered include identification, authentication, and privilege; access control; message protection; delegation and proxy problems; auditing; and, non-repudiation. The author also provides numerous real-world examples of how secure object systems can be used to enforce useful security policies.

0201325659B04062001

About the Author

Bob Blakley is Chief Scientist at DASCOM, and before joining DASCOM, was IBM's Lead Security Architect. He was the principal designer of IBM's proposal to the OMG for an Object-Oriented Security Service, and he co-edited the CORBAsecurity standard adopted by the OMG in 1996. Bob is a frequent speaker at software industry and software security conferences such as the RSA Conference, Networld+Interop, GUIDE, the Burton Group Catalyst Conference, and Open Systems Security Symposium, and the Mergent Users' Conference. He has written or co-authored seven papers on cryptography, secret-sharing schemes, access control, and other aspects of computer security, and he holds eight patents on security-related technologies. 0201325659AB04062001

See all Editorial Reviews

Product Details

• Paperback: 128 pages
• Publisher: Addison Wesley Longman; 1st edition (October 27, 1999)
• Language: English
• ISBN-10: 0201325659
• ISBN-13: 978-0201325652
• Product Dimensions: 9 x 7.3 x 0.2 inches
• Shipping Weight: 12.8 ounces
• Average Customer Review: 5.0 out of 5 stars  See all reviews (3 customer reviews)
• Amazon Best Sellers Rank: #3,139,596 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

7 of 7 people found the following review helpful:

5.0 out of 5 stars Learning the basics of security is not an option, February 24, 2000

By 

Charles Ashbacher (Marion, Iowa United States) - See all my reviews
(TOP 500 REVIEWER)    (VINE VOICE)    (HALL OF FAME REVIEWER)   

This review is from: CORBA Security: An Introduction to Safe Computing with Objects (The Addison-Wesley Object Technology Series) (Paperback)

Recent hacker attacks on such high profile sites as Amazon and Yahoo should be a slap on the side of the head style reminder as to how important security is in computing. However, while these are significant, one must not lose sight of all of the other aspects of security, which dwarfs the rather simplistic nature of these attacks. For many systems, security issues must be as integral a part of the design as which classes to use.
Despite the title, this book is not focused on CORBA, but is more a general introduction to the issues of security. In that area, it is a very good book. The basic problems and general solutions to security issues are presented in a manner well within the grasp of non-technical readers.
The three main areas of protection: authorization, accountability and availability are explained in detail, using an example that is both practical and instructive. Submitting a tax return electronically is a serious business and the explanation of how every party to the transaction satisfies these three criteria is the best explanation of the process that I have read.
If your goal is to learn the basics of computer security in the context of, but not exclusive to a CORBA environment, then this book is exactly what you are looking for. If your interest is in a detailed explanation of CORBA, then you must look elsewhere.

4 of 4 people found the following review helpful:

5.0 out of 5 stars CORBA Security An Introduction To Safe Computing Objects, November 24, 1999

By 

Harold E Jarboe (USA) - See all my reviews

This review is from: CORBA Security: An Introduction to Safe Computing with Objects (The Addison-Wesley Object Technology Series) (Paperback)

I would highly recommend this book for organizations needing "information security (INFOSEC)" as it pertains to the Object Management Group's (OMG's) Common Object Request Broker Achitecture (CORBA) standard. The book takes a less technical overview to the OMG CORBASecurity specification and what CORBASecurity standard is trying to accomplish. It does this by using less technical jargon and acronyms which are sometimes confusing to neophytes unfamiliar with the very technical and complex world of INFOSEC.

In my view, the most important part of the book is its last chapter (i.e., Chapter 10 entitled "Questions to Ask Your Secure Object System Vendor"). Why? Because this chapter outlines thirteen questions that end user organizations can ask their vendors (in this case, Object Request Broker (ORB) vendors and referred to in the book as "secure object system vendors"). These thirteen questions are simple security questions that will get to the bottom line of capabilities of what ORB vendors may or may not supply with their ORB's security service. Thus, it can be used as a buyers guide to the types of security capabilities that your organization may desire with an ORB product.

3 of 3 people found the following review helpful:

5.0 out of 5 stars This Could Be a Classic Security Reference, November 25, 2000

By 

Brian Bowman - See all my reviews

This review is from: CORBA Security: An Introduction to Safe Computing with Objects (The Addison-Wesley Object Technology Series) (Paperback)

The world of information security is replete with conjecture, confusion, and outright fiction. In brilliant contrast, Bob Blakley's "CORBA Security - An Introduction to Safe Computing with Objects" stands as a testimony of precision, clarity, and truth, with one exception: the book's title.

While the volume addresses architectural aspects of CORBA Security and provides a healthy discussion of object-specific security issues, it is really about a much more pervasive subject. Namely, how the fundamental tenant of Security Policy design can and should be woven through Identity, Authentication, Privilege, and Access Control. It also tackles two of the most misunderstood, yet critical security issues in modern N-tier distributed systems: Delegation and Non-Repudiation.

The writing style, like the author himself (whom I'm acquainted with on a processional level) is modest, direct, and inclusive. All terminology is progressively defined and clearly communicates the underlying concepts. As a budding security architect and veteran software engineer I highly recommend this book to managers, system designers, security administrators, and members of the legal and causality communities. In short anyone needing a deeper understanding of policy-driven, distributed computer security systems, CORBA or no CORBA.

"CORBA Security" is very much in the classic vein of "The Elements of Style" (E.B. White) - concise, accessible, and durably relevant. A true classic!