Security for Distributed and Mobile Active Objects with the ProActive Library
by Isabelle Attali, Denis Caromel and Arnaud Contes
In the domain of distributed applications, networks, and mobile agents, this research - started in spring 2001 in the Oasis Team at INRIA Sophia Antipolis - aims to develop mechanisms for specifying a security policy at a high level of abstraction for a given application.
The classical approach to information systems security relies on partitioning information by organisation, geography and structure, according to its level of sensitivity and its domain. With the development of telecommunications, however, a system can be distributed all over the world: data and code can be distributed and shared. This tremendous evolution prevents the classical approach from being used.
Existing security techniques (PGP, C-SET, SSL, X.509, etc.) are established standards, each addressing a particular aspect of security and risk. We propose a complementary approach at the application level, possibly based on these standard techniques.
Besides existing system-level and network-level mechanisms, we believe that it is necessary to provide application-specific configurable techniques. Further, information transfer in object systems is richer and more strongly typed than in non-object systems (requests, replies, mobility of agents, remote object creation). These exchanges often require the definition of security attributes (authentication, integrity, confidentiality). Finally, in the setting of a given distributed application, some computers will play a specific role and, as a consequence, require specific rights and protections (e.g., two secured servers versus access to a portable computer).
It seems of interest to organise in a hierarchical manner the different computers participating in a given distributed application, and to associate specific rights with these hierarchies. Our work can be seen as the creation of a Virtual Private Network at the application level. Another issue is secured meta-computing: how to use a federation of computing resources in a secure manner. A security policy for an application is specified in a declarative manner. An example of a security policy file is given in Figure 1.
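The sketch below is an added example, not the policy file of Figure 1 and not ProActive's format or API: it models computers as leaves of a domain hierarchy and derives the security attributes an exchange must carry from the rules of every enclosing domain. The domain names, the "inside"/"crossing" scopes, the rule layout and the combination rule (requirements add up, one deny wins, no matching rule means deny) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

DENY = None  # rule value: the interaction is forbidden

@dataclass(eq=False)  # compare domains by identity, not by field values
class Domain:
    """A node of the hierarchy; a host is a leaf domain (assumed model)."""
    name: str
    parent: "Domain | None" = None
    # (scope, interaction) -> set of required attributes, or DENY.
    # scope "inside": both endpoints are in this domain; "crossing": only one.
    rules: dict = field(default_factory=dict)

    def chain(self):
        """Yield this domain, then every enclosing domain up to the root."""
        d = self
        while d is not None:
            yield d
            d = d.parent

def required(src, dst, interaction):
    """Attributes an exchange must carry, or DENY.

    Every domain enclosing either endpoint is consulted. Requirements add up,
    one DENY wins, and an exchange matched by no rule is denied by default.
    """
    src_chain, dst_chain = list(src.chain()), list(dst.chain())
    needed, matched = set(), False
    for dom in src_chain + [d for d in dst_chain if d not in src_chain]:
        scope = "inside" if dom in src_chain and dom in dst_chain else "crossing"
        key = (scope, interaction)
        if key not in dom.rules:
            continue
        if dom.rules[key] is DENY:
            return DENY
        needed |= dom.rules[key]
        matched = True
    return needed if matched else DENY

# Constructed hierarchy: two secured servers and a portable computer.
app = Domain("application", rules={("inside", "request"): {"authentication"},
                                   ("inside", "reply"): {"authentication"}})
ALL = {"authentication", "integrity", "confidentiality"}
servers = Domain("secured-servers", app, {
    ("inside", "request"): {"integrity"},
    ("inside", "migration"): ALL,
    ("crossing", "request"): {"integrity", "confidentiality"},
    ("crossing", "migration"): DENY,  # agents never leave the secured domain
})
server_a, server_b = Domain("server-a", servers), Domain("server-b", servers)
laptop = Domain("laptop", app)
```

With these constructed rules, a request between the two servers needs authentication and integrity, a request from the laptop to a server needs all three attributes, and migration from a server to the laptop is refused.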
A prototype has been implemented in Java with the ProActive library (over the standard RMI layer). This prototype is made of two parts:
Examples have already been specified and executed, and early performance measures have shown that this approach is viable. For instance, only 25 ms were required for the full treatment of a secured message, including encryption, transfer, decryption, and the checking of the sender certificate and digital signature.
Our approach proposes security features at the application level, especially in the setting of distributed objects with mobility.
Compared to related work, the ProActive security can be characterised by four main advantages: