Abstract
Purchase PDF (2736 K)
E-mail Article
Add to my Quick Links
Cited By in Scopus (0)
Purchase PDF (998 K)
doi:10.1016/S0169-7552(97)00054-8 
Copyright © 1997 Published by Elsevier Science B.V.
High security Web servers and gateways
Available online 14 May 1998.
References and further reading may be available for this article. To view references and further reading you must purchase this article.
Abstract
This paper describes a high security, high performance system for making legacy systems accessible to the web. It combines distributed object technology with a trusted operating system that implements multi-level security. The aim is to satisfy the growing demand for dynamic content generation, while providing a high level of protection against unauthorized access to the service.
HP CORBAweb is a software infrastructure that allows access to CORBA applications from the web. HP VirtualVault is a secure environment for web applications. The paper gives overviews of both VirtualVault and CORBAweb, and describes the object gateway that merges the integration features of CORBAweb with the security of VirtualVault.
The paper describes the authorization model that determines the granularity at which access is granted. It then goes on to explain how the system can be extended to allow remote clients, such as Java applets, to invoke the CORBA-based services directly, using the Internet Inter-ORB Protocol (IIOP).
The object gateway is designed to be used to provide controlled access through a firewall protecting the servers. Some of the issues associated with firewalls around the clients are discussed at the end of the paper.
Author Keywords: Author Keywords: Security; Gateways; Trusted operating system; Multilevel security; CORBA; Distributed objects; World Wide Web
