Enterprise Security with EJB™ and CORBA®

by Bret Hartman; Donald J. Flinn; Konstantin Beznosov

  • ISBN13: 9780471150763
  • ISBN10: 0471150762
  • Format: eBook
  • Copyright: 2002-03-01
  • Publisher: Wiley
List Price: $44.99

Summary

Building secure applications using the most popular component technologies.

Did you know that most corporate computer security breaches are inside jobs by trusted employees? This book addresses the need in the era of multi-tier systems to implement security solutions across all enterprise applications, not just firewalls that target intrusion from the outside. With nationally recognized CORBA security experts Bret Hartman, Donald J. Flinn, and Konstantin Beznosov, this book shows application developers how to build secure, real-world applications that deliver tightly integrated security at all system levels using the latest component technologies and tools. Coverage also includes a sample e-commerce system built using Java with EJB and CORBA, as well as case studies of implementations in finance, manufacturing, and telecom.

Table of Contents

Foreword xix
Introduction xxiii
Acknowledgments xxxi

An Overview of Enterprise Security Integration 1
    Components and Security 1
    Security as an Enabler for E-Business Applications 3
    E-Business Applications Increase Risks 4
    Information Security Goals: Enable Use, Bar Intrusion 4
    E-Business Solutions Create New Security Responsibilities 5
    Risk Management Holds Key 6
    Information Security: A Proven Concern 7
    Distributed Systems Require Distributed Security 8
    Security Challenges in Distributed Component Environments 9
    End-to-End ESI 12
    ESI Requirements 13
    ESI Solutions 14
    ESI Framework 15
    Applications 15
    APIs 17
    Core Security Services 17
    Framework Security Facilities 18
    Security Products 19
    ESI Benefits 19
    Principles of ESI 20
    Example of a Secure Component Architecture 22
    Business Scenario 22
    eBusiness.com Object Model 22
    eBusiness.com Security Requirements 24
    Summary 26

Securing EJB Components 27
    An Overview of EJB Security 28
    Players and Their Duties in the EJB Lifecycle 30
    Roles 32
    The Bean Provider 34
    Application Assembler 39
    Defining Roles 41
    Assigning Method Access 42
    Assigning Roles to Role References 44
    Security Identity 45
    Deployer 47
    Principal Delegation 50
    EJB Container Provider 51
    Deployment Tools 51
    Security Domains 51
    Principal Naming 52
    ejbContext 52
    Auditing 54
    Using the Deployment Descriptor 54
    Recommended Permissions 57
    The Beans Themselves 57
    Authentication 58
    Authorization 59
    Transport 59
    Security with Container-to-Container Interoperability 60
    Association Options 62
    Who's Running the Show? 64
    Summary 66

Securing CORBA Components 69
    Benefits of CORBA Security 72
    A Brief Review of CORBA 76
    Declarative Part 76
    Runtime Part 78
    Wire Protocol 81
    Object Reference 83
    Runtime CORBA Security 84
    Identification and Authentication 84
    Policy Enforcement 86
    Wire Protocol 89
    Functionality Levels 91
    Level 1: Security-Unaware Applications 92
    Level 2: Security-Aware Applications 92
    Declarative CORBA Security 93
    Why You Need Rights, Domains, and Attributes 93
    The Role of Rights 95
    The Role of Domains 101
    The Role of Privilege Attributes 102
    Setting Audit Policies 104
    Using Programmatic Security 106
    Summary 108

Enterprise Security Technologies 109
    Perimeter Security Technologies 112
    Firewalls/VPNs 112
    Authentication 113
    Authorization 113
    Accountability 114
    Security Administration 114
    Cryptographic Protocols 114
    Authentication 115
    Web-Based Security Servers 116
    Authentication 116
    Authorization 117
    Accountability 118
    Security Administration 118
    Intrusion Detection 118
    Mid-Tier Security Technologies 119
    Component-Based Security Servers 119
    Cryptographic Protocols 120
    Authentication 120
    Authorization 121
    Cryptography 121
    Delegation 121
    Accountability 121
    Security Administration 121
    Entitlements Servers 122
    Authentication 122
    Authorization 122
    Legacy Security Technologies 123
    Mainframe Security 123
    Authentication 123
    Authorization 124
    Cryptography 124
    Accountability 124
    Security Administration 124
    Database Security 124
    Summary 124

Interoperability of Cross-Domain Components 127
    What Is Interoperability of EJB and CORBA? 128
    Intracompany and Intercompany Security 131
    Security Technology Domains Relative to Security Tiers 133
    Security Domains in the Perimeter Tier 138
    Security Domains in the Mid-Tier 139
    EJB and CORBA in the Mid-Tier 139
    Security Domains in the Legacy Tier 140
    Rationale for Mixed Security Technology Domains 140
    Mixed Domains in the Perimeter 141
    Mixed Domains in the Mid-Tier 141
    Mixed Domains in the Legacy Tier 143
    Auditing 143
    Security Administration 143
    Bridging the Security Tiers 143
    Perimeter to Mid-Tier Interoperability 145
    Browser to Web Server Interaction 146
    Passing Data from the Browser 148
    An Example of Perimeter to Mid-Tier Interoperability 148
    The Critical Web Server 151
    Mid-Tier to Legacy Interoperability 152
    Security Policy Domains 157
    Modifying Architectures for Security 161
    Summary 164

Interoperability of EJB and CORBA Components 167
    Making EJB and CORBA Work Together Securely 168
    Advantages of Combined Technologies 170
    Packaging Security for the Component Developer 171
    JNDI Security 172
    Container Security 173
    Security between Containers 174
    EJB and CORBA Transport Protocols 174
    RMI 176
    IIOP 178
    RMI over IIOP 181
    Common Secure Interoperability Version 2 182
    CSIv2 Attribute Layer 185
    The Authorization Token 185
    The Identity Token 189
    CSIv2 Authentication Layer 190
    CSIv2 Transport Layer 191
    Credentials and Privilege Delegation in CSIv2 192
    CSIv2 Association Options in the IOR 196
    Conformance to CSIv2 197
    Interoperable Security Layers 198
    Authentication 198
    Extending EJB to CORBA Authentication 199
    Authorization 201
    How Rich Does It Need to Be? 203
    Extending EJB to CORBA Authorization 204
    Summary 206

Protecting Application Resources 209
    Beyond Middleware Access Control 209
    Refining Access Control in the Example 210
    Authorization Server 212
    Resource Access Decision Facility 214
    Pros and Cons of Using RAD 215
    Middleware or RAD Authorization? 217
    RAD Standard 217
    RAD Interfaces and Data 218
    RAD Architecture 220
    Access Decision Object 220
    Policy Evaluator 224
    Decision Combinator 225
    Policy Evaluator Locator (PEL) 227
    Dynamic Attribute Service 230
    Putting It All Together 233
    What Belongs to RAD and What Does Not 236
    Runtime Model 236
    Administrative Model 236
    Summary 240

Scaleable Security Policies 243
    Using Rights Wisely 244
    Using Attributes Wisely 246
    An Argument for Roles 247
    Overview of RBAC 248
    RBAC0: Just Roles 250
    RBAC0 Using CORBA 252
    RBAC0 Using EJB 255
    RBAC1: Role Hierarchies 260
    RBAC1 in CORBA 261
    RBAC1 in EJB 263
    RBAC2: Constraints 266
    RBAC3: RBAC1+RBAC2 267
    Concluding Remarks on RBAC 268
    Using Domains Wisely 268
    Using Domain Structures for Composing Security Policies 272
    Assigning Object Instances to Policy Domains 274
    Delegation 276
    Motivations for Using Delegation 277
    Levels of Delegation 278
    Product Support for Delegation 279
    Delegation in EJB 281
    When and How to Use Delegation 281
    General Recommendations 281
    Risks of Delegation 282
    Summary 283

Planning a Secure Component System 285
    Making the Jump from Application to System 286
    Interaction of Applications 286
    What Is Security? 286
    Security Evolution: Losing Control 288
    Dealing with the "ilities" 289
    eBusiness.com's Approach 290
    Determining Requirements 291
    Functional Requirements 291
    Security Requirements 291
    Limit Visitor Access 292
    Eliminate Administration of New Customers 292
    Grant Members More Access 293
    Protect the Accounts of Each Individual 293
    Administrator Control of Critical Functions 294
    Restrict Administrators' Abilities 294
    Nonfunctional Requirements 295
    Manageability 295
    Extensibility 295
    Reliability 296
    Availability 296
    Scalability 297
    Applying the Framework 297
    Application Components 299
    Security APIs 299
    Core Security Services 299
    Framework Security Facilities 300
    Summary 300

Building an Integrated Security System 303
    Security Architecture 305
    Deploying the Example 308
    The Underlying Protection Layer 309
    Perimeter Security 310
    Using Component Security with Firewalls 312
    Using Component Security with Web Servers 313
    A Caution Against Proprietary Solutions 315
    Mid-Tier Security 315
    Legacy Security 320
    Advantages of Using a Security Server 321
    Administration 322
    Multiple Security Servers 324
    Authentication 325
    Securing the Infrastructure 325
    Naming 326
    Persistence of Security Data 327
    LDAP 328
    Relational or Object Databases 330
    File Systems 331
    Security Gotchas at the System Level 331
    Scaling 331
    Performance 332
    Summary 334

Glossary 337
References 351
Index 353
