Customer Reviews

CORBA Security: An Introduction to Safe Computing with Objects (The Addison-Wesley Object Technology Series)

5 star:		(3)
4 star:		(0)
3 star:		(0)
2 star:		(0)
1 star:		(0)

 

 

Recent hacker attacks on such high profile sites as Amazon and Yahoo should be a slap on the side of the head style reminder as to how important security is in computing. However, while these are significant, one must not lose sight of all of the other aspects of security, which dwarfs the rather simplistic nature of these attacks. For many systems, security issues must be as integral a part of the design as which classes to use.
Despite the title, this book is not focused on CORBA, but is more a general introduction to the issues of security. In that area, it is a very good book. The basic problems and general solutions to security issues are presented in a manner well within the grasp of non-technical readers.
The three main areas of protection: authorization, accountability and availability are explained in detail, using an example that is both practical and instructive. Submitting a tax return electronically is a serious business and the explanation of how every party to the transaction satisfies these three criteria is the best explanation of the process that I have read.
If your goal is to learn the basics of computer security in the context of, but not exclusive to a CORBA environment, then this book is exactly what you are looking for. If your interest is in a detailed explanation of CORBA, then you must look elsewhere.

I would highly recommend this book for organizations needing "information security (INFOSEC)" as it pertains to the Object Management Group's (OMG's) Common Object Request Broker Achitecture (CORBA) standard. The book takes a less technical overview to the OMG CORBASecurity specification and what CORBASecurity standard is trying to accomplish. It does this by using less technical jargon and acronyms which are sometimes confusing to neophytes unfamiliar with the very technical and complex world of INFOSEC.

In my view, the most important part of the book is its last chapter (i.e., Chapter 10 entitled "Questions to Ask Your Secure Object System Vendor"). Why? Because this chapter outlines thirteen questions that end user organizations can ask their vendors (in this case, Object Request Broker (ORB) vendors and referred to in the book as "secure object system vendors"). These thirteen questions are simple security questions that will get to the bottom line of capabilities of what ORB vendors may or may not supply with their ORB's security service. Thus, it can be used as a buyers guide to the types of security capabilities that your organization may desire with an ORB product.

The world of information security is replete with conjecture, confusion, and outright fiction. In brilliant contrast, Bob Blakley's "CORBA Security - An Introduction to Safe Computing with Objects" stands as a testimony of precision, clarity, and truth, with one exception: the book's title.

While the volume addresses architectural aspects of CORBA Security and provides a healthy discussion of object-specific security issues, it is really about a much more pervasive subject. Namely, how the fundamental tenant of Security Policy design can and should be woven through Identity, Authentication, Privilege, and Access Control. It also tackles two of the most misunderstood, yet critical security issues in modern N-tier distributed systems: Delegation and Non-Repudiation.

The writing style, like the author himself (whom I'm acquainted with on a processional level) is modest, direct, and inclusive. All terminology is progressively defined and clearly communicates the underlying concepts. As a budding security architect and veteran software engineer I highly recommend this book to managers, system designers, security administrators, and members of the legal and causality communities. In short anyone needing a deeper understanding of policy-driven, distributed computer security systems, CORBA or no CORBA.

"CORBA Security" is very much in the classic vein of "The Elements of Style" (E.B. White) - concise, accessible, and durably relevant. A true classic!