Similar literature (20 records)
1.
2.
This paper describes the design and implementation of GridCertLib, a Java library leveraging a Shibboleth-based authentication infrastructure and the SLCS online certificate signing service, to provide short-lived X.509 certificates and Grid proxies. The main use case envisioned for GridCertLib is to provide seamless and secure access to Grid X.509 certificates and proxies in web applications and portals: when a user logs in to the portal using SAML-based Shibboleth authentication, GridCertLib uses the SAML assertion to obtain a Grid X.509 certificate from the SLCS service and generates a VOMS proxy from it. We give an overview of the architecture of GridCertLib and briefly describe its programming model. Its application to some deployment scenarios is outlined, as well as a report on practical experience integrating GridCertLib into portals for Bioinformatics and Computational Chemistry applications, based on the popular P-GRADE and Django software.

3.
Xu Tao, Measurement & Control Technology (测控技术), 2017, 36(4): 124-129
To address the problem of managing the massive number of servers in a machine room, a "remote network power management system platform" is proposed. The platform consists of front-end power management units, a service platform, and clients. The service platform collects status information from the front-end power management units through low-level service software and relays user control commands. The upper layer of the platform uses a Web server and a database system to accept user management access. To simplify management and reduce cost, the client is implemented as a general-purpose Web browser: through the browser, users can remotely control servers, monitor the machine room anytime and anywhere, and remotely configure data over the serial port, achieving a truly unattended machine room.

4.
Research and application of the Java security architecture in Web applications (total citations: 3, self-citations: 0, other citations: 3)
A security solution for Java-based Web applications is proposed. The scheme uses JAAS (Java Authentication and Authorization Service) to implement a pluggable login module, uses X.509 digital certificates for user identity authentication, and, by configuring the Web server and using both a server certificate and a client certificate, achieves mutual SSL authentication between server and client. After successful authentication, the symmetric key negotiated between server and client is used to establish an HTTPS connection for secure data transfer. The scheme provides a security interface for Java-based Web applications and is easily portable.

5.
In this paper we propose a new SSL VPN architecture that supports all applications while strengthening resistance to DoS and distributed DoS attacks. The key advantage of SSL VPN is that no specific client software is required: when a user requests access to a server, an SSL client module written as a Java applet is first downloaded to the host. However, not all applications run well, because the client cannot reach some well-known applications over an HTTPS connection. Moreover, when the SSL port is under a DoS or distributed DoS attack, the VPN cannot be used to connect. The improved VPN likewise uses the Java applet employed in existing SSL VPNs, but the function this applet implements, which we call dynamic coding, can be changed dynamically through Java Remote Method Invocation (RMI). The VPN client applet can interoperate with the VPN server and the firewall on the server side.

6.
Design of a secure single sign-on model for Web application environments (total citations: 15, self-citations: 0, other citations: 15)
Ren Dong, Liu Lianzhong, Computer Engineering and Applications (计算机工程与应用), 2002, 38(24): 174-176, 256
Targeting Web application systems, this paper proposes a design for implementing a secure single sign-on model. The model is designed on the Java platform, provides user identity authentication between local and remote systems, ensures that users can log in securely from any point and are granted the corresponding access rights, and improves the overall security of Web application systems.

7.
The fundamental reason modern computer systems are powerless against malicious programs that steal or destroy information is that the system forcibly takes over the user's right to control information, yet cannot faithfully carry out the user's intent. To address this, an explicit authorization mechanism is proposed; precise definitions of information-stealing and information-destroying malicious programs are given, and it is proved that a computer based on the explicit authorization mechanism can resist stealing and destruction attacks by malicious programs reliably and in real time. Two trusted secure computer systems based on this mechanism are presented. The first integrates the explicit authorization mechanism directly into the operating system; it can resist, reliably and in real time, information attacks by arbitrary malicious programs and by applications with hidden malicious intent, while retaining good hardware and software compatibility with existing computer systems. The second makes small changes to both the existing computer hardware architecture and the operating system, but has stronger attack resistance and can reliably block, in real time, destruction attacks launched by a malicious operating system itself.

8.
VNC (Virtual Network Computing) is a computer program written to address the problem of cross-platform remote desktop/application display. VNC uses a client/server model in which an image of the desktop of the server is transmitted to the client and displayed. The client collects mouse and keyboard input from the user and transmits them back to the server. The VNC client and server can run on Windows 95/98/NT, MacOS, and Unix (including Linux) operating systems. VNC is multi-user on Unix machines (any number of servers can be run, unrelated to the primary display of the computer), while it is effectively single-user on Macintosh and Windows machines (only one server can be run, displaying the contents of the primary display of the server). The VNC servers can be configured to allow more than one client to connect at one time, effectively allowing collaboration through the shared desktop. I describe the function of VNC, provide details of installation, describe how it achieves its goal, and evaluate the use of VNC for molecular modelling. VNC is an extremely useful tool for collaboration, instruction, software development, and debugging of graphical programs with remote users.

9.
This article explores the advantages and disadvantages of end user/client digital certificates as a means of online authentication in a higher or further education information environment. We conclude that the use of client certificates is feasible and scalable. Nevertheless, it is valid to question whether there is a future in such a technology. Certificates could be useful to some users as the front-end authentication tokens for single sign on systems, and we believe that it is not critical that most users will never fully understand how they work. With feedback from over eighty users with a broad spectrum of technical abilities, the Digital Certificate Operation in a Complex Environment (DCOCE) project looked deeply into the usability of such credentials. Whatever access management technology an institution uses, there is much to learn from the human methodologies of public key infrastructure (PKI) and how these can be made to scale. The use of local user registration individuals to issue user credentials is to be encouraged. Library services are good examples of resources that may be authorized centrally, but other services are not suited to central authorization control. We consider these issues and indicate where digital certificates could be used in future access management protocols within the UK.

10.
Homeland security requires that organizations share sensitive data, but both suppliers and users must typically restrict data access for security, legal, or business reasons. Matchbox database servers provide highly secure, fine-grained access control using digitally cosigned contracts to enforce sharing restrictions. To handle security operations, Matchbox uses the tamper-responding, programmable IBM 4758 cryptographic coprocessor. Matchbox servers can be distributed on a network for high availability, and parties can communicate with Matchbox over public networks, including hostile environments with untrusted hardware, software, and administrators.

11.
Almost since the appearance of networks, many organizations have studied how to strengthen network security to prevent illegal network intrusion and access. Yet apart from file servers and most application software, which have long used account/password login procedures, there seems never to have been a genuine security measure that protects the security of the network resources themselves. The user-authentication-based virtual network discussed in this paper attempts to strengthen network security and manageability by requiring a user-authenticated login before a user accesses the network.

12.
Research on an identity authentication system based on X.509 digital certificates (total citations: 1, self-citations: 1, other citations: 1)
Relying on a campus network, this paper designs and implements an identity authentication system based on X.509 digital certificates. By implementing single sign-on, users need to log in only once to gain controlled access to the resources within their permissions, improving usability, security, and stability. An LDAP directory server is used to improve the efficiency of digital certificate lookup. Transmitted data are encrypted to ensure information security.

13.
P. Ram, R. Abarbanel, Computer, 1997, 30(6): 115-117
The ubiquitous availability of Web browsers on multiple platforms and user familiarity with browser technology provide numerous advantages: a uniform interface; support for multimedia and user interaction and collaboration; a simple communication protocol that has been implemented in all major hardware and software platforms; and support by almost all vendors who package Web engines within their products. Such factors have expedited the implementation of network centric computing as a productive infrastructure for corporate environments. The addition of Java, with its ability to build cross platform application logic into a browser, gives network centric computing the potential to better meet enterprise computing needs. Because it lets users interact with the application on the client rather than the server, Java enables better utilization of both the server's and the client's computational capability. Java can also provide session state information (for client side session control and resource management) in an otherwise stateless Web world. Besides naturally decentralizing application execution, Java makes it possible to decentralize application deployment. In large enterprises, organization wide applications such as personnel timekeeping or document routing can benefit from Java implementations. One immediate impact is a noticeable reduction of the server load during peak hours. Finally, Java enabled browsers can provide greater functionality than HTML.

14.
In June 1997 an industry consortium announced that it was working on a mobile extension of the Open Group's Network Computer Reference Profile (NCRP) to address the unique requirements of the many new mobile computing devices. This specification will propose a set of standards for developers deploying a Java based lightweight network computing solution for mobile use. It will also include a new set of trimmed down Java APIs to support disconnected operation, secure remote access, manage power requirements, and ensure device adaptivity to different network environments. The Network Computer Reference Specification (NCRS) defined a network computer (NC) as a lightweight, ubiquitous, extensible, secure, and easy to administer system using widely deployed technologies such as HTTP, HTML, and Java to ensure universality. The Mobile Network Computer Reference Specification (MNCRS) extends the concept of a network computer to define a mobile network computer (MNC). The extension will define open standards that specify APIs visible to applications, network protocols, and server interactions. Naturally, these standards will have implications for software developers, original equipment manufacturers, operating system vendors, and service providers. Since the intent is to enable MNCs and servers from various manufacturers to interoperate, the consortium will adopt industry standards wherever possible. Accordingly, ongoing convergence efforts with entities such as the NCRP and the Internet Engineering Task Force are intended to avoid duplication of efforts in overlapping areas such as security, communications, and tunneling.

15.
Virtual network computing (total citations: 4, self-citations: 0, other citations: 4)
VNC is an ultra thin client system based on a simple display protocol that is platform independent. It achieves mobile computing without requiring the user to carry any hardware. VNC provides access to home computing environments from anywhere in the world, on whatever computing infrastructure happens to be available, including, for example, public Web browsing terminals in airports. In addition, VNC allows a single desktop to be accessed from several places simultaneously, thus supporting application sharing in the style of computer supported cooperative work (CSCW). The technology underlying VNC is a simple remote display protocol. It is the simplicity of this protocol that makes VNC so powerful. Unlike other remote display protocols such as the X Window System and Citrix's ICA, the VNC protocol is totally independent of operating system, windowing system, and applications. The VNC system is freely available for download from the ORL Web site at http://www.orl.co.uk/vnc/. We begin the article by summarizing the evolution of VNC from our work on thin client architectures. We then describe the structure of the VNC protocol, and conclude by discussing the ways we use VNC technology now and how it may evolve further as new clients and servers are developed.

16.
While most users currently access Web applications from Web browser interfaces, pervasive computing is emerging and offering new ways of accessing Internet applications from any device at any location, by utilizing various modes of interfaces to interact with their end users. The PC and its back-end servers remain important in a pervasive system, and the technology could involve new ways of interfacing with a PC and/or various types of gateways to back-end servers. In this research, a cellular phone was used as the pervasive device for accessing an Internet application prototype, a multimodal Web system (MWS), through voice user interface technology. This paper describes how MWS was developed to provide a secure interactive voice channel using an Apache Web server, a voice server, and Java technology. Securing multimodal applications proves more challenging than securing traditional Internet applications. Various standards have been developed within the context of the Java 2 Micro Edition (J2ME) platform to secure multimodal and wireless applications. In addition to covering these standards and their applicability to the MWS system implementation, this paper also shows that a multimodal user-interface page can be generated using an XSLT stylesheet that transforms XML documents into various formats including XHTML, WML, and VoiceXML.

17.
This paper describes the EC PERMIS project, which has developed a role based access control infrastructure that uses X.509 attribute certificates (ACs) to store the users' roles. All access control decisions are driven by an authorisation policy, which is itself stored in an X.509 AC, thus guaranteeing its integrity. All the ACs can be stored in one or more LDAP directories, thus making them widely available. Authorisation policies are written in XML according to a DTD that has been published at XML.org. The Access Control Decision Function (ADF) is written in Java, and the Java API is simple to use, comprising just three methods and a constructor. There is also a Privilege Allocator, which is a tool that constructs and signs ACs and stores them in an LDAP directory for subsequent use by the ADF.

18.
A PowerPC-based secure SoC architecture is proposed that defends against software attacks through hardware isolation. Software and hardware resources are partitioned into secure and non-secure categories, and resource access requests are controlled by hardware, providing stronger security guarantees to upper-layer software. Based on this idea, a PowerPC-based SoC architecture is extended with security features to provide upper-layer software with both a secure and a non-secure execution environment. Any data access request is judged to be allowed or denied according to the current execution environment and the security state of the resource being accessed. In addition, a high-level modeling approach based on QEMU and SystemC is used to model this secure architecture, verifying that it can effectively protect data security.

19.
Various attacks are designed to gain access to the assets of Java Card Platforms. These attacks use software, hardware or a combination of both. Manufacturers have improved their countermeasures to protect card assets from these attacks. In this paper, we attempt to gain access to assets of a recent Java Card Platform by combining various logical attacks. As we did not have any information about the internal structure of the targeted platform, we had to execute various attacks and analyze the results. Our investigation on the targeted Java Card Platform led us to introduce two generic methods to gain access to the assets of Java Card Platforms. One of the new methods we present in this paper is based on the misuse of the Java Card API to build a type confusion and get access to the objects (including cryptographic keys) of a Java Card applet. The other method is a new approach to get access to the return address of the methods in Java Cards with the Separate Stack countermeasure. We also propose a pattern that the targeted platform uses to store data and code of applets on the card, plus the ability to read and write in the data and code area of the applets in different security contexts. These new attacks occur even in the presence of countermeasures such as Separate Stack for kernel and user data, indirect mapping for object addressing and firewall mechanisms.

20.
Computer Networks, 1999, 31(11-16): 1599-1609
The World Wide Web (W3) has the potential to link different kinds of documents into hypertext collections and to distribute such collections among many document servers. Distributed collections can bring forth new W3 applications in extranets and expand the concept of content reuse. However, they also bring new authorization problems, such as the need for coordinated user administration, user authentication, and revocation of rights. This paper proposes WDAI, a simple and general infrastructure for distributed authorization on the World Wide Web. Under WDAI, browsers and servers exchange authorization information using X.509v3-based authorization certificates. WDAI is designed to be open to a wide variety of security policies and, being compatible with existing W3 technology, can be implemented without modifying existing browsers.
