william fitzgerald wrote:
> I have been researching corba and corba security as a hobby recently. Corba
> security seems to be solid from the omg corba security services 1.8 manual (only
> got through half of that spec so far).
>
> does corba have any security flaws that could be improved or are worth a research
> investigation?
>
> there must be ways to upset corba security services either intentionally or unintentionally.
> it seems to be heavily governed on policies. is there a vulnerability here?
>
> what about other middleware technologies such as ejb? are there security issues
> here?
>
> or do security issues arise when using both ejb and corba together?
>
> any information relating to corba security is welcomed. the omg specification
> won't highlight any existing security exploits for obvious reasons.

I conducted some attacks on a CORBA server system in an exercise in 1999 (so the data is old), but I don't believe the basic problem has been fixed.

The "application" involved serving outside clients with large files and the ability to view them from the CORBA server. The outside clients were served through a stateful, proxying firewall using SSL. Inside clients were able to edit the large files. Both clients had an additional security step wherein they identified themselves via pre-shared SSL keys to the CORBA server to access the large file viewing/editing methods.

I used Dynamic Invocation Interface (which was not protected) to determine the methods served by the CORBA server. This discovery function is available in one form or another in all middleware (Java RMI, DCOM, CORBA) and a major help to an attacker. I wrote IDL to match the methods, compiled that into a new set of methods and then wrote a new CORBA server application of my own that duplicated the interfaces. My server simply used the same methods to access the real server. From there it was a simple DNS spoof to step in between a client and the real CORBA server.

Middleware weaknesses lie in the need to advertise, find, broker, and trade services as well as the fact that they depend upon the network infrastructure to be trustworthy. In addition, CORBA applications written in C or C++ are subject to standard coding error vulnerabilities. Another thing to look for in a middleware implementation is any sort of remote program invocation. This can be done very insecurely.

--
Ray Parks                    rcparksat_private
IDART Project Lead           Voice:505-844-4024
IORTA Department             Fax:505-844-9641
http://www.sandia.gov/idart  Pager:800-690-5288
This archive was generated by hypermail 2b30 : Fri Aug 08 2003 - 15:05:49 PDT