The International Arab Journal of Information Technology (IAJIT)

..............................
..............................
..............................


Security Solutions for Jini-Based Applications

Since its first release, Jini became a promising technology to build fault tolerant distributed systems. The actual Jini architecture however lacks a strong security model. Based on a concrete example, this paper aims at reviewing the main security architectures that have been proposed by the research community and presents an evaluation of them. This work may serve as a basis for securing Jini-based systems by selecting the set of solutions provided by each model, depending on the security needs introduced by each specific application.

 


[1] Al-Muhtadi J., Anand M., Mickunas M. D., and Campbell R., “Secure Smart Homes using Jini and UIUC SESAME,” in Proceedings of the 16th Annual Computer Secrity Applications Conference (ACSAC’00), New Orleans, Louisiana, pp.77-85, 2000.

[2] Andersson F. and Karlsson M., “Secure Jini Services in Ad Hoc Networks,” Master Thesis, Royal Institute of Technology, Stockholm, 2000.

[3] Blaze M., Feigenbaum J. and Lacy J., “Decentralized Trust Management,” in Proceedings of the IEEE Symposium on Security and Privacy, pp. 164-173, 1996.

[4] Diffie W. and Hellman M. E., “New Directions in Cryptography,” in IEEE Transactions on Information Theory, vol. 22, no. 6, pp. 644-654, 1976. Security Solutions for Jini-Based Applications 31

[5] Edwards W. K., Core Jini, Prentice-Hall, 2nd Edition, 2001.

[6] Eronen, P., “Security in The Jini Networking Technology: A Decentralized Approach,” Master Thesis, Department of Computer Science, Helsinki University of Technology, 2001.

[7] Eronen P., Gehrmann C., and Nikander P., “Securing ad hoc Jini services,” in Proceedings of the 5th Nordic Workshop on Secure IT Systems (NordSec'2000), Reykjavik, Iceland, pp. 169- 177, 2001.

[8] Eronen P., Lehtinen J., Zitting J., and Nikander P., “ Extending Jini with Decentralized Trust Management,” in Proceedings of the 3th IEEE Conference on Open Architectures and Network Programming (OPENARCH'2000), TelAviv, Israel, pp. 25-29, 2000.

[9] Eronen P. and Nikander P., “Decentralized Jini Security,” in Proceedings of the Network and Distributed System Security Symposium (NDSS'2001), pp. 161-172, 2001.

[10] Hasselmeyer P., Kehr R., and Voss M., “Trade- offs in a Secure Jini Service Architecture,” in Trends Towards a Universal Service Market (USM'2000), Lecture Notes in Computer Science (LNCS), vol. 1890, Springer Verlag, 2000.

[11] Kaijser P., Parker T., and Pinkas D., “SESAME: The Solution to Security for Open Distributed Systems,” Journal of Computer Communications, pp. 501-518, vol. 17, no. 4, 1994.

[12] Li S., Ashri R., Buurmeijer M., Hol R., Flenner B., and Scheuring J., Professional Jini, Wrox Press Inc., 1st edition, 2000.

[13] McGraw G. and Felten E., Securing Java, Getting Down to Business with Mobile Code, John Wiley and Sons, 2nd Edition, 1999.

[14] MIT’s Kerberos Homepage, http://web.mit.edu/ kerberos/www/, July 2002.

[15] Mostéfaoui G., “Security in Pervasive Environments, What's Next?,” in Proceedings of the 2003 International Conference on Security and Management (SAM'03), Las Vegas, Nevada, USA, June 2003.

[16] Mostéfaoui G. and Brézillon P., “A Generic Framework for Context-Based Distributed Authorizations,” Fourth International and Interdisciplinary Conference on Modeling and Using Context (Context'03), in Lecture Notes in Computer Science, Springer Verlag, 2003.

[17] Schoch T.,“An Authentication and Authorization Architecture for Jini Services,” Diploma Thesis, ETHZ, October 2000.

[18] Schoch T., Krone O., and Federrath H., “Making Jini Secure,” in Proceedings of the Fourth International Conference on Electronic Commerce Research, pp. 276-286, 2001.

[19] Schumacher M. and Roedig U., “Security Engineering with Patterns,” in the proceedings of the 8th Conference on Pattern Languages of Programs (PLoP'2001), 2001.

[20] Simple Public Key Infrastructure Working Group, Simple Public Key Infrastructure, http://www.ietf.org/html.charters/spki-charter. html, July 2002.

[21] Sun Microsystems Inc., “The Davis Project,” accepted, http://developer.jini.org/exchange/ projects/davis/index.html, July 2002.

[22] Sun Microsystems Inc., Secure Computing with Java: Now and the Future, White Paper, http://java.sun.com/marketing/collateral/security. html, July 2002.

[23] Sun Microsystems Inc., The Java Cryptography Extension, http://java.sun.com/products/jce/, July 2002.

[24] Sun Microsystems Inc., Java Secure Socket Extension, http://java.sun.com/products/jsse/, July 2002.

[25] Sun Microsystems Inc., The Java Authentication and Authorization Service, http://java.sun.com/ products /jaas/, July 2002.

[26] Sun Microsystems Inc., “Default Policy Implementation and Policy File Syntax, http://java.sun.com/j2se/1.4/docs/guide/security/ PolicyFiles.html, July 2002.

[27] Sun Microsystems Inc., “Permissions in the JavaTM 2 SDK, http://java.sun.com/j2se/1.4/ docs/guide/security/permissions.html, July 2002.

[28] Sun Microsystems Inc., Java Card (TM) Technology, http://java.sun.com/products/java card/, July 2002.

[29] Sun Microsystems Inc., The Davis Project: Overture 0.05 Release, http://developer.jini. org/exchange/projects/davis/overture.html, July 2002.

[30] Sun Microsystems Inc., Jini (TM) Architecture Specification, Version 1.2, http://wwws.sun.com/ software/jini/specs/jini1.2html/jini-title.html, July 2002.

[31] The Java Community Process Program, JSR 76 RMI Security for J2SETM Community Draft Ballot, http://jcp.org/jsr/results/76-7-1.jsp, July 2002.

[32] Transport Layer Security Working Group, Transport Layer Security, http://www.ietf.org/ html.charters/tls-charter.html, July 2002.

[33] Transport Layer Security Working Group, SSL 3.0 Specification, http://www.netscape.com/eng/ ssl3, July 2002.

[34] Venners B., Security and the Class Loader Architecture, http://www.javaworld.com/java world/jw-09-1997/jw-09-hood.html, July 2002.

[35] Yellin F., “Low Level Security in Java”, in Proceedings of the 4th International World Wide Web Conference (WWW4'1995), Boston, pp. 369-380, 1995.

[36] Yoder J. and Barcalow J., “Architectural patterns for enabling application security,” in Proceedings of the 4th Pattern Languages of Programming, Monticello, IL. 32 The International Arab Journal of Information Technology, Vol. 1, No. 0, July 2003 Ghita Mostéfaoui received her engineer’s Diploma in electronics from the University of Blida in Algeria in 1996. She then received a fellowship from EPFL(Ecole Polytechnique Fédérale de Lausanne) Switzerland to attend a pre-doctoral school in computer science. Since 1999, she is a research and teaching assistant in the Software Engineering Group at the University of Fribourg and enrolled in both Fribourg and the University of Paris VI to prepare a PhD dissertation in computer science. Her main research interests include context-based security, context-aware computing and software frameworks for distributed systems.