Institutional Repository
| CORBA防火墙的一种实现——IIOPProxy | |
| 潘晓峰 | |
| Major | 计算机应用技术 |
| 2000 | |
| Degree Grantor | 中国科学院软件研究所 |
| Degree Level | 博士 |
| Place of Degree Grantor | 中国科学院软件研究所 |
| Keyword | 分布式对象系统 防火墙 代理服务器 |
| English Abstract | 分布式对象系统是由一组互相操作的对象所组成,是开发分布式计算机网络应用系统的一种有效手段。CORBA标准定义了一种对象间互操作的机制,但到目前为止,尚未考虑防火墙对CORBA应用的限制。本文分析了CORBA的防火墙问题及其现有的实现技术,提出了一个新的CORBA防火墙问题解决方案。该方案不仅解除了防火墙对CORBA应用的限制,而且还提供了一种访问控制的手段,从而保证CORBA对象免受黑客的攻击。根据这个方案,实现了一种CORBA防火墙-IIOPPrxoy。IIOPPrxoy的通用性好,能支持各种不同厂商的ORB,还支持对回调对象和运行时生成的对象的过滤。IIOPPrxoy的适用范围比较广,它既可以在服务端使用,也可以在客户端使用。IIOPPrxoy的透明性比较强,使得CORBA对象根本不知道IIOPPrxoy的存在,故不用改变CORBA对象的行为,而只需要防火墙管理员将代理信息加入对象的IOR中,同时生成一个包含这些信息的配置文件即可。 |
| Abstract | Distributed object system consisting of interoperable objects is an effective method of developing a distributed system. CORBA defines a mechanism of interoperation between objects. However, CORBA doesn't consider limits imposed on CORBA applications by firewall. At first, this thesis analyses problems of firewalls in CORBA applications and current corresponding solutions. After that, it gives a new and effective solution. This solution not only releases the limit imposed on CORBA applications by firewall, but also provides an access control policy. So CORBA objects are immune to attacks by hackers. According to this solution, we have implemented the IIOPProxy which is a type of CORBA firewall. The IIOPProxy supports different vendors'ORB. And it also supports filtering of callback objects and objects created in run-time. The IIOPProxy is used widely, for example, it can be used in both client side and server side. The biggest difference between the IIOPProxy and other CORBA firewalls is transparency. CORBA objects don't know existence of the IIOPProxy at all. So behavior of CORBA objects needn't be changed for the IIOPProxy. An administrator of the IIOPProxy only need take the following action: adding proxy information into objects' IORs and configuring the IIOPProxy with this information. |
| Pages | 39 |
| Language | 中文 |
| Content Type | 学位论文 |
| URI | http://ir.iscas.ac.cn/handle/311060/6872 |
| Collection | 中科院软件所_中科院软件所 |
| Recommended Citation GB/T 7714 | 潘晓峰. CORBA防火墙的一种实现——IIOPProxy[D]. 中国科学院软件研究所. 中国科学院软件研究所,2000. |
| Files in This Item: | ||||||
| File Name/Size | DocType | Version | Access | License | ||
| LW002139.pdf(1195KB) | 限制开放 | -- | Application Full Text | |||
Items in the repository are protected by copyright, with all rights reserved, unless otherwise indicated.
Edit Comment