
(CORBA) CSE367 Research Project Security (F. Gau, D. Wang)


Contents

1. Adds a patient into PDB patient table. Returns true if successfully done, false if failed. Only accountants have the right.
    public boolean addPatient(int token, java.lang.String patientID, java.lang.String patientName)
    Method 9: removePatient. Deletes a patient from PDB patient table. Returns true if successfully done, false if failed. Only accountants have the right.
    public boolean removePatient(int token, java.lang.String patientID, java.lang.String patientName)
    5.5 New functions of Patient DB Client
    • We changed the appearances of all the panels, including layout, borders and so on.
    • Menu items become disabled if current user doesn't have right to perform the corresponding operations.
    • Get roles of current user based on user ID and password when authenticating.
    • Change role/user without restarting the system.
    5.6 Implementation of Component Functionality
    In this project, we use Visibroker for Java 4.5 and its Naming Service as CORBA Lookup service. And we use Oracle 8.1.7 as our database server because they are both free. We installed LINUX Mandrake 2.2.17-21 in a 2-processor DELL desktop and installed Visibroker and Oracle in LINUX. Our JAVA-written server and client applications can run anywhere. Basically we run it under NT 4.0. The functionality of each component is described as follows.
    5.6.1 Security Policy Client
    • Register/unregister Patient D
2. 2 CORBA Naming Service
    After investigating the mechanism of CORBA architecture, let's take a look at one of the CORBA services: CORBA Naming Service. CORBA Naming Service is like the telephone yellow pages for objects. It relies on the CORBA main infrastructure but provides an efficient way of managing and locating objects with their names. Names are user-defined values that identify objects. The naming service maps these user-defined names to object references. A name-to-object association is called a name binding. A Naming Service maintains a database of bindings between names and object references. You can reference a CORBA object using a sequence of names that form a hierarchical naming tree. In the figure, each dark node is a naming context. An object's name consists of a sequence of components that form a compound name. Only the leaf nodes are bound to implementations of objects. See Figure 6.
    [Figure 6: CORBA Objects Support Hierarchical. Nodes: Root Context, DataBase Context, Server, PDB, UDB. Legend: Name Context, Object Name]
    Each name component is a structure with two attributes:
    1. identifier is the object's name string;
    2. kind is a string in which you can put a descriptive attribute for your name.
    The Naming Service does not interpret, assign, or manage these attributes in any way. They are used by higher levels of software. Figure 7 shows a simplified v
3. [Figure 7: Overall Structure. Labels: Server, Security Database, Client, Patient DB GUI client]
    5 System Functions
    5.1 Basic Functions: Interaction between components
    Our security system for Patient DB is based on the original JINI security system for University DB; therefore it has implemented the basic functions such as negative privileges, IP constraint (only supports for now), time constraint, Token (180 second time constraint for each login) and permission check. The basic functions are described as follows.
    5.1.1 Security Clients Access Security Server
    Figure 8 shows how security clients (Policy Client and Enforcement Client) access Security Server.
    [Figure 8: Security Clients Access Security Server. Labels: Visibroker Naming Service, Security Server; 1 Register, 2 Lookup, 3 Return Service Proxy, 4 Register, 5 Get Token, 6 Remote Method Invocation]
    1. Security Server registers with Visibroker Naming Service to publish its services.
    2. Security clients (Policy Client and Enforcement Client) look for security services in Visibroker Naming Service.
    3. Visibroker Naming Service finds security services and returns the service stub to security clients.
    4. Security clients register with Security Server by inputting user ID and password.
    5. Security Server generates a token for each security client.
    6. Holding a valid toke
4. -VBJclasspath /home/local/vbroker/lib/vbjorb.jar com.inprise.vbroker.naming.ExtFactory NameService &
    2.3.4 Starting Security Server
    • In NT: ss OR start vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService -VBJclasspath lib/classes12.zip corbass.sserver.SecurityServer
    • In Unix: vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService -VBJclasspath lib/classes12.zip corbass.sserver.SecurityServer &
    2.3.5 Starting Security Patient DB Server
    • In NT: start vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService -VBJclasspath lib/classes12.zip corbass.pdbserver.PDBServer
    • In Unix: vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService -VBJclasspath lib/classes12.zip corbass.pdbserver.PDBServer &
    2.3.6 Starting Policy Client
    • In NT: rp OR start vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService corbass.policy.PolicyClient
    • In Unix: vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService corbass.policy.PolicyClient &
    2.3.7 Starting Enforcement Client
    • In NT: re OR start vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService corbass.enforce.EnforceClient
    • In Unix: vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService corbass.enforce.EnforceClient &
    2.3.8 Starting Patient DB Client
    • In NT: pdbc OR start vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService corbass
5. [UML class diagram, package corbass.enforce. Classes: Enforce (with TokenPanel, UserPanel, NegativePrivilegeTab, TokenRenewThread, WindowListener), EraseUserTab, UnregisterTokenTab, GrantNPMethodTab, QueryUserTab, CreateUserTab]
6. [UML class diagram, common classes: GuiUtil, Const (TOKEN_DURATION_TIME; JDBC driver, URL, ID and password constants for the security, university and patient databases; patient DB table names), CommonUtil, SecuritySystemException, ShowTextFrame, NoRightException]
7. [Screenshot: PDB GUI Client, Update panel with Diagnosis and Prescription tabs; fields Patient ID, User ID, Description, Time; buttons Update, Clear]
    5.4 Add/Remove Panel
    [Screenshot: PDB GUI Client, Add/Remove panel with Add Patient and Remove Patient tabs; fields Patient ID, Patient Name; buttons Add, Clear]
    5.5 Change User/Role
    [Screenshot: PDB GUI Client]
    Appendix C UML Diagrams
    1 Packages
    [Package diagram. Class groups as listed:
    • RegisterResourceTab, CreateRoleTab, GrantIPTab, GrantMethodTab, RefreshThread, GrantResourceTab, Policy, PolicyClient, GrantServiceTab, QueryResourceTab, RegisterMethodTab, RegisterIPTab, AddMethodToServiceTab, QueryRoleTab, RegisterServiceTab
    • PDBInterfaceImpl, PDBResourceID, PDBInterfaceHolder, PDBInterfacePOATie, Seq2StringHolder, Seq2StringHelper, PDBInterfaceOperations, PDBServer, PDBInterface, PDBInterfaceHelper, Seq1StringHelper, PDBInterfaceStub, Seq1StringHolder, PDBInterfacePOA
    • EnforceClient, EraseUserTab, RefreshThread, Enforce, QueryUserTab, QueryTokenTab, GrantNPResourceTab, GrantRoleTab, CreateUserTab, GrantNPMethodTab, GrantNPServiceTab, UnregisterTokenTab
    • xXmbDialog, CommonUtil, GuiUtil, NoRightException, SecuritySystemException, Const, ShowTextFrame, AuthenDialog
    Package labels: policy, enfo]
8. pdbclient.PDBClient
    • In Unix: start vbj -DORBagentAddr=137.99.10.209 -DSVCnameroot=NameService corbass.pdbclient.PDBClient &
    Appendix B System Demo with Screen Shots
    1 Security Server
    [Screenshot: Security Server console (vbj.exe): ORB bound, "SecurityServer is ready", registerClient for security_admin, resourceRegister and methodRegister entries for Get Medical History, Get Diagnosis, Get Prescription, Get Payment Mode]
    2 Patient DB Server
    [Screenshot: Patient DB Server console (vbj.exe): binds Security Server, PDBInterface stub, "is ready"]
    3 Policy Client
    3.1 Authentication Dialog
    [Screenshot: Policy Client Authentication dialog: ID security_admin, PASSWORD, Get Your Role(s), role security_admin, OK, Cancel]
    3.2 Ro
9. resources provide people with a cost-effective way to share information and service; at the same time, they pose the problem of security. In our point of view, the main issue of using a distributed resource is who can use it, when the user can use it, where the user can use it, and to what extent a user can use it. In order to address the issue of security, a security system is a must for any distributed resource. The purpose of the security system is to:
    • Protect resources. Only trusted users can use the resource within some limit, and the user can only access the resource from trusted IP addresses. The security system needs to authenticate the user before the user can access the resource. When an authenticated user accesses the resource, the security system should also have control over the user's access. A user can only access the resource that the user is authorized to access. Figure 8 shows the basic structure of a client/server application with a security system.
    • Protect user information. As the user's ID and password flow through the network, they are vulnerable to tampering; the security system needs to provide ways to protect user information.
    • Protect data privacy and integrity. As data is sent back and forth from and to the resource server through the network, it is under potential risk of being tampered with or altered. The security system needs to provide a safer way to transfer important data through the network.
    In this paper, a role-based security system is
10. 5.1 Basic Functions: Interaction between components
    5.2 Patient DB Server and GUI Client Access Security Server
    5.3 New Functions of Security Server
    5.4 New functions of Security Clients
    5.5 New functions of Patient DB Server
    5.6 New functions of Patient DB Client
    Component Functionality
    6 CONCLUSION AND FUTURE WORK
    6.1 Problems encountered
    6.2 Recommendations for improvements
    6.3 Suggestions for future work
    APPENDIX A USER MANUAL
    APPENDIX B SYSTEM DEMO WITH SCREEN SHOTS
    APPENDIX C UML DIAGRAMS
    1 Introduction to CORBA
    1.1 What is DRE
    A distributed resource environment (DRE) provides an infrastructure for distributed application components to interact with each other in a client/server paradigm. Distributed components (servers, databases, etc.) are defined as resources that publish services for use by clients.
    1.2 What is CORBA
    Common Object Request Broker Architecture (CORBA) is the
11. CSE367 Research Lab
    Security System for Patient DB
    Final report for CSE367
    Fei Gao, Dan Wang, and Jin Ma
    Computer Science & Engineering, The University of Connecticut, Storrs, CT 06269-3155
    {fgao, dwang, jinma}@engr.uconn.edu
    05/08/2001
    ABSTRACT
    With the development of middleware technologies, people can take advantage of the resources spread throughout their organizations and collaborative organizations around the world. This distributed resource environment makes the most of the available resources; at the same time, it poses the issue of security when people access these valuable resources through the network, because most middleware products do not have enough security. In this paper, a role-based access control security model is discussed. The main idea in this model is that a resource cannot be accessed by just any user. An authenticated user can only access a resource based on the user's role, and each role has specific privileges. This model is implemented in a CORBA-based distributed environment.
    Contents
    1 INTRODUCTION TO CORBA
    1.1 What is DRE
    1.2 What is CORBA
    1.3 How CORBA Works
    1.4 Advantages and Disadvantages
    2 CORBA NAMING SERVICE
    3 SECURITY IN DRE
    4 OVERVIEW OF THE SYSTEM
    4.1 Components
    4.2 Overall Structure
    5 SYSTEM FUNCTIONS
12. [UML class diagrams. Package corbass.policy (continued): GrantServiceTab, AddMethodToServiceTab, RegisterServiceTab. 3 Package corbass.enforce: EnforceClient, RefreshThread, GrantRoleTab, GrantNPServiceTab]
13. [UML class diagram, package corbass.pdbserver. Interface methods: addPatient, getDiagnosis, getMedicalHistory, getPatientList, getPaymentMode, getPrescription, ifHasRight, removePatient, setPaymentMode, writeDiagnosis, writePrescription. Classes: Seq2StringHolder, Seq2StringHelper, PDBInterfaceHelper]
14. aming Service finds services and returns the service stubs to Patient DB GUI Client.
    9. Patient DB GUI Client registers with Security Server by inputting user ID and password.
    10. Security Server generates a token for Patient DB GUI Client.
    11. Holding a token, Patient DB GUI Client invokes remotely the methods provided by Patient DB Server.
    12. Holding its own token and current client's token, Patient DB Server checks with Security Server if current client has permission to invoke current method.
    13. Security Server responds to Patient DB Server with the result of permission check.
    14. Patient DB Server responds to the invocations of current client by modifying the Patient database and returning the result to current client.
    5.2 New Functions of Security Server
    In order to make the GUI friendlier, we added some query functions as follows:
    • Query all available resources from availres table:
      public java.lang.String queryAvailResources()
    • Query IDs of all available methods from availmethod table:
      public java.lang.String queryAvailMethodIDs(java.lang.String arg0)
    • Query names of all available methods from availmethod table:
      public java.lang.String queryAvailMethodNames(java.lang.String arg0)
    • Query descriptions of all available methods from availmethod table:
      public java.lang.String queryAvailMethodDescs(java.lang.String arg0)
    • Query all resources from re
15. [UML class diagram, package corbass.policy: GrantIPTab, GrantResourceTab, RegisterMethodTab, CreateRoleTab, RefreshThread, Policy]
16. asses/corbass/common/*.class
    2 Instruction on how to run the system
    2.1 Directory and File Specifications
    • classes: all the class files
      - corbass/common
      - corbass/enforce
      - corbass/pdbclient
      - corbass/pdbserver
      - corbass/sserver
    • batch files for running the system
      i. rp.bat for running policy client
      ii. re.bat for running enforcement client
      iii. ss.bat for running security server
      iv. pdbc.bat for running pdb client
      v. pdbs.bat for running pdb server
    • lib/classes12.zip: Oracle driver for JAVA
    • src: Source Code
      - corbass/common
      - corbass/enforce
      - corbass/oracle: SQL files for creating security and patient database
      - corbass/pdbclient
      - corbass/pdbserver
      - corbass/sserver
    2.2 Running Steps
    • Start Oracle
    • Create Patient DB and Security DB
    • Start Visibroker OS Agent
    • Start Visibroker Naming Service
    • Start Security Server
    • Start Patient DB Server
    • Start all the other clients
    2.3 Commands of running the system
    2.3.1 Starting Oracle
    • Login dachshund.engr.uconn.edu as root
    • Run /etc/init.d/dbora
    • Run lsnrctl start
    2.3.2 Creating Database
    • Login dachshund.engr.uconn.edu as a normal user
    • Run sqlplus
    • Input id and password
    • Run start security.sql
    • Run start pdb.sql
    • exit
    2.3.3 Starting the Visibroker
    • Login dachshund.engr.uconn.edu as a normal user
    • Start OSAgent: osagent &
    • Start Naming Service: vbj
17. atabase server and its methods, such as getPatientMedicalHistory(token, patient_id), getPatientPrescription(token, patient_id), AddPatient(token, patient_id)
    • Add time constraint on resource
    • Create/erase role, such as create doctor, nurse and accountant roles
    • Grant/revoke resource and methods to roles, such as granting doctor the privilege of writePrescription(token, patient_id)
    • Designate/revoke IP address to/from each role, so users can only access the resource from certain IP addresses
    5.6.2 Security Enforcement Client
    • Create/erase users
    • Add time constraint to each user
    • Grant/revoke roles to/from each user
    • Grant/revoke negative resources/methods to/from users
    5.6.3 Security Server
    • Verify the identity of a user
    • Check if Patient Database is still active
    • Check client's request based on the client's role and privileges, which includes the time constraint check, IP address check, role-based resource check (does the client's role have the right to use the resource?) and role-based method check (does the client's role have the right to use the method?)
    5.6.4 Patient Database Server
    • Listens to the client's request, such as query patient Database for medical history, patient lists, and writes prescription for a patient into patient Database
    • Sends client's role, IP address, request time, requested resource ID and method ID to security server for permission check
    • Listens the
18. check result from security server
    • Fulfills the client's request if the server response is positive: it will query or update the patient Database upon client's request and send the result to the client
    • Refuses the client's request if the server response is negative
    5.6.5 Patient Database Client
    • Provides the GUI to users to access Patient Database Server
    • Change user or role without exiting the system
    • Whether menu items are enabled depends on the privileges of current user
    6 Conclusion and Future Work
    Above all, we have presented what we have learned and done this semester. Our project, which incorporates the security using the role-based access control approach into CORBA, has proved that we can use CORBA to realize the role-based security.
    6.1 Problems encountered
    • Java class java.util.Vector is hard to transfer over network by Visibroker, so it is changed to java.lang.String[] or java.lang.String[][]
    • Use rebind instead of bind to bind Visibroker Naming Service
    6.2 Recommendations for improvements
    • Change "Change User/Role" menu item to two menu items: "Change role" and "Relogin"
    • Remove User ID item from PDB Client Update Panel
    • Change Time to Date in PDB Client Update Panel
    • Change Date to drop-down menu instead of typing in
    • Remove method number from drop-down menu
    6.3 Suggestions for future work
    • Use CORBA to realize current JINI version since CORBA is much fast
19. discussed. It focuses on the protection of resource. The main idea in the model is that only the authenticated user can use a resource. The user can only use the resource based on the user's role. This model is implemented in a CORBA-based distributed environment.
    [Figure 8: Client/server application with security system. Labels: Client, Security System, Resource Server, Resource; 1 Register Resource, 2 Authenticate, 3 Do something, 4 Is OK?, 5 Yes or No]
    The resource here can be a Database. If the client wants to access the resource, he/she has to be authenticated by the security system, then sends a request to the resource server. The resource server will check with the security system to get authorization, then access the resource on behalf of the client's request. Here resource, resource client, resource server and security system are all distributed in the same or different networks.
    4 Overview of the system
    4.1 Components
    This project consists of four major components: CORBA Lookup Service, Security System, Resource, and Resource Client. CORBA Lookup Service is just like a bridge through which Security System, Resource and Client interact with one another over the network.
    4.1.1 CORBA Lookup Service
    CORBA Lookup Service connects all the other components so that they can communicate with each other over the network.
    4.1.2 Security System
    Security system consists of security ser
20. er than JINI. However, we only have 60-day trial version Visibroker for Java 4.5
    • Try to use only one security server for PDB and UDB
    • Try to add service to resource-method pair. In the current version, the service is ignored
    • Try to incorporate JINI and CORBA
    • Try to use a common resource to test cooperation of JINI and CORBA
    Appendix A User Manual
    1 Instruction on how to setup the system
    1.1 Software Requirements
    • OS: Linux, NT
    • CORBA: Visibroker for JAVA 4.5
    • JAVA 1.2.2 or higher
    • Oracle 8.1.7
    1.2 Hardware Requirements
    • Pentium II or higher
    • 64M RAM or higher
    1.3 CORBA Installation
    • Download Visibroker for JAVA 4.5 from http://www.borland.com
    • Install Visibroker for JAVA 4.5 in Linux
    1.4 JAVA Installation
    • Download Java 1.3 from http://java.sun.com
    • Install Java 1.3 in Linux and NT
    1.5 Oracle Installation
    • Download Oracle 8.1.7 from http://www.oracle.com
    • Install Oracle 8.1.7 in Linux
    • Download Oracle driver for JAVA: classes12.zip
    1.6 Security System Installation
    • Security Server: classes/corbass/sserver/*.class and lib/classes12.zip
    • Policy Client: classes/corbass/policy/*.class
    • Enforcement Client: classes/corbass/policy/*.class
    • Patient DB Server: classes/corbass/pdbserver/*.class and lib/classes12.zip
    • Patient DB Client: classes/corbass/pdbclient/*.class
    Note: all of above need cl
21. eried patient. Only accountants have right to do so.
    public java.lang.String getPaymentMode(int token, java.lang.String patientID)
    Method 4: getPatientList. Gets the patient list, which includes the patient ID and patient name. Returns the list of patients. Only accountants have right.
    public java.lang.String getPatientList(int token, java.lang.String patientID)
    Method 5: writeDiagnosis. Writes diagnosis for a patient into PDB medicalHistory table. Returns true if successfully done, false if failed. Only doctors have the right.
    public boolean writeDiagnosis(int token, java.lang.String userID, java.lang.String patientID, java.lang.String diagnosis, java.lang.String time)
    Method 6: writePrescription. Writes prescription for a patient into PDB prescription table. Returns true if successfully done, false if failed. Only doctors have the right.
    public boolean writePrescription(int token, java.lang.String userID, java.lang.String patientID, java.lang.String description, java.lang.String time)
    Method 7: setPaymentMode. Writes payment of a patient into PDB payment table. Returns true if successfully done, false if failed. Only accountants have the right.
    public boolean setPaymentMode(int token, java.lang.String userID, java.lang.String patientID, java.lang.String mode, java.lang.String time)
    Method 8: addPatient
22. [Figure 2: Service Stub (Proxy) and Skeleton]
    1.3.3 Service Registration
    Service is implemented, created and provided to the client by a server. A server can provide several services, such as printing, scanning. Client can also provide services; in such cases, client turns out to be a server. A server plays several roles as follows:
    1. It implements and creates the service object, also generates service stub and skeleton.
    2. It registers the service object with CORBA lookup services.
    3. It executes the tasks and returns the result to the client.
    In order to register the service object with the CORBA lookup service, the server must first find the lookup service. This is done as follows: the server broadcasts lookup message around; if there already exists a CORBA lookup service, this CORBA lookup service responds to the server by sending its proxy object (so-called registrar) back to the server. It is through this registrar proxy that the server communicates with CORBA lookup service. After finding the lookup service, the server registers its service objects with the CORBA lookup service. This involves uploading the service proxy and storing it on the CORBA lookup service (see Figure 3).
    [Figure 3: Service Registration. Labels: CORBA Lookup Service, Server, Registrar Proxy]
    1.3.4 Client Lookup
    The client, on the other hand, goes through the same mechanism to get a registrar proxy from the lookup ser
23. [UML class diagram: AuthenDialog (fields for ID, password, role and roles; security server reference). 7 Package corbass.sserver: class diagram not recoverable]
24. [UML class diagram, package corbass.policy: Policy (continued), RegisterIPTab, GrantMethodTab, PolicyClient, QueryResourceTab, QueryRoleTab, GrantServiceTab]
25. [UML class diagram, package corbass.pdbserver: PDBServer, PDBInterface, PDBInterfacePOA, PDBInterfaceStub, with methods addPatient, getDiagnosis, getMedicalHistory, getPatientList, getPaymentMode, getPrescription, ifHasRight, removePatient, setPaymentMode, writeDiagnosis, writePrescription]
26. iew of the client-server naming interactions: (i) A server invokes bind to associate a logical name with an object reference. (ii) The Name Server adds this obj_ref/name binding to its namespace database. (iii) A client application invokes resolve to obtain an object reference with this name. (iv) The client uses the object reference to invoke methods on the target object. So the Name Server serves both clients and servers: servers export name-object bindings to the Name Server; clients then find these objects.
[Figure 7: How Server and Clients interact with Name Server. Labels: 1 Bind (name, obj_ref); 2 Name Server NameSpace <name_1, object_1>, <name_2, object_2>, ..., <name_n, object_n>; 3 Resolve (name); 4 Invoke service; Client; Server.]
The CORBA Naming Service shows its importance when there are a large number of objects in a distributed environment, because what is fundamental to CORBA is how to locate and manage the objects in an effective and efficient way.
3 Security in DRE. Middleware is software that enables seamless client-server interactions in a distributed environment. It uses an object-oriented approach for creating software components that can be reused and shared among applications. With the development of middleware, people can take advantage of the distributed resources in a local or global network area. The most commonly used resources are databases, application servers. These distributed
27. l, patientID varchar2(10) not null, userID varchar2(10) not null, description varchar2(100) not null, time date not null, primary key (presID).
table payment: paymentID varchar2(10) not null, patientID varchar2(10) not null, userID varchar2(10) not null, description varchar2(100) not null, time date not null, primary key (paymentID).
5.4.2 Methods of Patient DB Server
ifHasRight: Tells if a user has the right for a method, based on the method's ID.
public boolean ifHasRight(int token, int methodID)
Method 0: getPatientMedicalHistory. Queries PDB medicalHistory table. Returns the medical history of the queried patient. Only doctors and nurses have the right to do so.
public java.lang.String getMedicalHistory(int token, java.lang.String patientID)
Method 1: getDiagnosis. Queries PDB medicalHistory table. Returns all the diagnoses of the queried patient. Only doctors and nurses have the right to do so.
public java.lang.String getDiagnosis(int token, java.lang.String patientID)
Method 2: getPrescription. Queries PDB prescription table. Returns the prescription history of the queried patient. Only doctors and nurses have the right to do so.
public java.lang.String getPrescription(int token, java.lang.String patientID)
Method 3: getPaymentMode. Queries PDB payment table. Returns the payment history of the qu
28. le Panel [Screenshot: Role-based Policy Client, Role tab. Tabs: Create/Erase Role, Grant Resource, Grant Service, Grant Method, Grant IP, Query. Role: doctor. Description: doctor role for PDB.]
3.3 Resource Panel [Screenshot: Role-based Policy Client, Resource tab. Add Method to Service, Query Resource. Resource: patient db. Method: all.]
3.4 Role Query window [Screenshot. Role: doctor. Resource: patient db. Service/Method: patient db getMedicalHistory, patient db getDiagnosis, patient db getPrescription, patient db writeDiagnosis, patient db writePrescription. Users: fei, jin. IP address which this role has. Description: doctor role for PDB.]
4 Enforcement Client
4.1 Authentication Dialog [Screenshot: Enforcement Client Authentication. User: security_admin.]
4.2 User Panel [Screenshot: Role-based Enforcement Client. 05 01 2001, 06 01 2001, Charles Phillips.]
4.3 User Query window [Screenshot. Begin date: 2001-04-20 00:00:00.0. End date: 2010-04-20 00:00:00.0. Role: doctor, nurse. Description: fei qao.]
5 Patient DB Client
5.1 Authentication window [Screenshot: PDB Client Authentication.]
5.2 Query Panel [Screenshot: PDB GUI Client. Columns: PRESID, PATIENTID, USERID, DESCRIPTION, TIME. Row: 1, pl, fei, Flovent, 2001-04-30 00:00:00.0.]
5.3 Update Panel
29. n security clients remotely invoke the methods provided by Security Server to create roles, etc. 7. Security Server responds to the invocations of each security client by modifying the security database and returning the result to each security client.
5.1.2 Patient DB Server and GUI Client Access Security Server
Figure 9 shows how Patient DB Server and GUI Client access Security Server.
[Figure 9: Patient DB Server and GUI Client Access Security System. Components: Patient DB GUI Client, Security Server, Visibroker Naming Service, Patient DB Server. Arrow labels: 2 Lookup security services; 3 Return service stub; 4 Register; 5 Register; 6 Get a token; 7 Lookup services; 8 Return service stubs; 9 Register; 10 Get a token; 11 Remote Method Invocation; 12 Check permission; 13 Permission OK; 14 Succeed.]
rvices. 2. Patient DB Server looks for security services in Visibroker Naming Service. 3. Visibroker Naming Service finds security services and returns the service stub to Patient DB Server. 4. Patient DB Server registers with Visibroker Naming Service to publish its services. 5. Patient DB Server registers itself and its methods with Security Server as a resource by inputting user ID and password. 6. Security Server generates a token for Patient DB Server. 7. Patient DB GUI Client looks for security services and Patient DB services in Visibroker Naming Service. 8. Visibroker N
30. ortable.BoxedValueHelper
Seq1StringHelper. Fields: _instance (corbass.pdbserver.Seq), a field of type org.omg.CORBA.TypeCode, _id (java.lang.String). Methods: Seq1StringHelper(), _orb(): org.omg.CORBA.ORB, extract(org.omg.CORBA.Any), id(): java.lang.String, insert, read, read_value, type(): org.omg.CORBA.TypeCode, write, write_value.
(java.lang.Object) Methods: getRecords, ifHasRight(int, int): boolean, removePatient, setPaymentMode, updateMedicalHist, updatePatientTab, updatePayment, updatePrescription, writeDiagnosis, writePrescription, securityServerInterface.
Seq1StringHolder (org.omg.CORBA.portable.Streamable). Fields: value (java.lang.String[]). Methods: Seq1StringHolder() (two constructors), _read, _type(): org.omg.CORBA.TypeCode, _write.
6 Package corbass.common
XmDialog (javax.swing.JDialog). Fields: INTERBUTTON_GAP (int), m_buttons (javax.swing.JButton[]). Methods: XmDialog() (three constructors, two taking java.awt.Dialog and java.awt.Frame), disposeDialog(): void, hideDialog(): void. actionListener: java.awt.event.Actiol; lowerChild: java.lang.String; upperChild: javax.swing
31. product of Object Management Group (OMG). It defines a DRE that allows distributed applications to interoperate with each other (application-to-application communication), regardless of whether they are written in Java, C or other languages, or where these applications reside. CORBA uses an object-oriented approach for creating software components that can be reused and shared between applications. First, each service object presents each client object with a well-defined interface that encapsulates its inner details through the well-known IDL (Interface Definition Language), which reduces application complexity. Then, as the middleware, the ORB (Object Request Broker) connects a client application with the service objects it wants to use. The client program does not need to know whether the service object it is communicating with resides on the same computer or on a remote computer. The client program only needs to know the interface's name of the service object and understand how to use the interface. The ORB takes care of the details of locating the object, routing the request and returning the result.
1.3 How CORBA Works
There are a large number of scenarios where CORBA could be applied. For example, a new printer can be connected to the network and announce its presence and capabilities. A client can then just send a print command without having to be specially configured to use this printer. CORBA passes the request to
32. rce, pdbclient, pdbserver, common, sserver.
Classes: PDBGUI, UpdateRecordPanel, QueryPatientPanel, AddRemovePatientPanel, PDBFrame, PDBClient, Seq1StringHolder, SecurityCommonInterfacePOA, SecurityCommonInterfaceHelper, SecurityCommonInterfaceStub, SglStringHolder, SecurityOfficerInterface, SecurityOfficerInterfaceOperations, SecurityOfficerInterfaceHolder, SecurityCommonInterface, SecurityServerInterfaceHelper, SglStringHelper, SecurityServerInterfacePOA, SecurityServerInterfaceStub, SecurityOfficerInterfaceHelper, SecurityOfficerInterfaceStub, SecuritySystemResourceID, SecurityServerInterfaceImpl, SecurityOfficerInterfacePOATie, SecurityCommonInterfaceOperations, SecurityCommonInterfacePOATie, SecurityOfficerInterfacePOA, Seq1StringHelper, SecurityCommonInterfaceHolder, SecurityServerInterfaceHolder, SecurityServerInterfacePOATie, SecurityServerInterfaceOperations, SecurityServerInterface, SecurityServer.
2 Package corbass.policy
RegisterResourceTab (javax.swing.JPanel). Fields: _parent (corbass.policy.Policy), security (corbass.sserver.Security), res (javax.swing.JComboBox), currentRes (java.lang.String), begin_date (javax.swing.JTextField), end_date (javax.swing.JTextField), desc (javax.swing.JTextField), avres (java.util.Vector). Methods: RegisterResourceTab (constructor), changeDescriptionbox(): void, makeChildren(): void, registerResource_actionPerformed, unregisterResource_actionPerformed.
GrantIPTab (javax.swing.JPanel). p
33. s table.
public java.lang.String queryAllResources()
Query IDs of all methods from method table.
public java.lang.String queryAllMethodIDs(java.lang.String arg0)
Query names of all methods from method table.
public java.lang.String queryAllMethodNames(java.lang.String arg0)
Query descriptions of all methods from method table.
public java.lang.String queryAllMethodDescs(java.lang.String arg0)
Query all roles from role table.
public java.lang.String queryAllRoles()
Query all users from users table.
public java.lang.String queryAllUsers()
Query all tokens from token table.
public java.lang.String queryAllTokens()
5.3 New functions of Security Clients
• We changed the appearances of all the panels, including layout, borders and so on.
• Drop-down menus are added for selection of methods, resources, roles and users.
5.4 New functions of Patient DB Server
We designed the architecture of Patient DB and its methods as follows.
5.4.1 Patient DB
table patient: patientID varchar2(10) not null, patientName varchar2(30) not null, primary key (patientID).
table medicalHistory: histID integer not null, patientID varchar2(10) not null, userID varchar2(10) not null, diagnosis varchar2(100) not null, time date not null, primary key (histID).
table prescription: presID varchar2(10) not nul
34. this printer and then the printer executes the command. So how does it work? How can a client use the printer without knowing where the printer is? Here, "where" means the network address of the printer. Of course, the client knows the geographic location of the printer. Let's take a look at the magic.
1.3.1 Components
Basically, in a CORBA environment there are three kinds of players (see Figure 1):
• Server, which provides services, such as a printer.
• Client, which uses services, such as printing files.
• CORBA Lookup Service, which connects the server and the client.
[Figure 1: Components in a CORBA environment]
1.3.2 Service Stub (Proxy) and Skeleton
In order to know how CORBA works, we first need to know what the service stub (proxy) and skeleton are. They are actually two objects created by the server. When the client finds the service, a stub object, not the real implementation object, is downloaded to the client. Afterwards, the client uses it to communicate back to the service skeleton, which passes the request to the real service implementation. Finally, the results are passed by the service skeleton to the service stub on the client side. The stub is the part of the service that is visible to clients, but its function is to pass method calls back to the server (see Figure 2). Client Server Service Implementation Message Passing 2 Call Return Service Skel
35. ueryPanel, UpdatePanel, AddRemovePanel, WindowListener.
QueryPatientPanel (javax.swing.JPanel). Fields: patient (javax.swing.JTextField), result (javax.swing.JTextArea), query (javax.swing.JButton), clear (javax.swing.JButton), token (int), choice (java.lang.String), pdb (corbass.pdbserver PDBInterface). Methods: QueryPatientPanel (constructor), MakePanel(): void, appendResult(java.lang.String), queryActionPerformed, setPanelEnabled(boolean): void.
UpdateRecordPanel. Fields: patient, user, description, time (javax.swing.JTextField), update, clear (javax.swing.JButton), token (int), choice (java.lang.String), pdb (corbass.pdbserver PDBInterface). Methods: UpdateRecordPanel (constructor), MakePanel(): void, setPanelEnabled(boolean): void, updateActionPerformed.
5 Package corbass.pdbserver
PDBInterfaceOperations (interface).
PDBResourceID (java.lang.Object). Constants: PATIENT_DB_RESOURCE_NAME, PATIENT_DB_RESOURCE_DESI, PATIENT_DB_METHOD_ID, PATIENT_DB_METHOD_NAME, PATIENT_DB_METHOD_DESCRI. Methods: PDBResourceID().
PDBInterfaceHolder (java.lang.Object, org.omg.CORBA.portable.Streamable). Fields: value (corbass.pdbserver PDBInterface). Methods: PDBInterfaceHolder() (two constructors), _read, _type(): org.omg.CORBA.TypeCode, _write.
PDBServer (javax.swing.JFrame). addPat
36. va; makeChildren(): void.
GrantNPResourceTab (javax.swing.JPanel). Fields: _parent (corbass.enforce.Enforce), _id (javax.swing.JComboBox), res (javax.swing.JComboBox). Methods: GrantNPResourceTab (constructor), grantRole_actionPerformed, makeChildren(): void, revokeRole_actionPerformed.
QueryTokenTab (javax.swing.JPanel). Fields: _parent (corbass.enforce.Enforce), token (javax.swing.JTextField). Methods: QueryTokenTab (constructor), makeChildren(): void, queryToken_actionPerformed.
4 Package corbass.pdbclient
PDBGUI (javax.swing.JFrame). Fields: pdb (corbass.pdbserver PDBInterface), security (corbass.sserver.SecurityS), _id (java.lang.String), passwd (java.lang.String), role (java.lang.String). Methods: PDBGUI (constructor), authen(): void, PDBInterface, securityServerInterface, token(): int.
PDBClient (java.lang.Object). Methods: PDBClient(), main(java.lang.String[]): void.
AddRemovePatientPanel (javax.swing.JPanel, java.awt.event.ActionListener). Fields: patientID (javax.swing.JTextField), patientName (javax.swing.JTextField), ad (javax.swing.JButton), clear (javax.swing.JButton), token (int), choice (java.lang.String), pdb (corbass.pdbserver PDBInterface). Methods: AddRemovePatientPanel (constructor), MakePanel(): void, actionPerformed, setPanelEnabled(boolean): void.
PDBFrame (javax.swing.JFrame). Fields: owner (corbass.pdbclient.PDBGUI), pdb (corbass.pdbserver PDBInterface), token (int). Methods: PDBFrame (constructor), makeMenus(): void
37. ver, security clients (including policy client and enforcement client) and security database.
a. Security Server: Provides security service to other components. It has an attached security database that stores roles, users, etc.
b. Security Database: Stores all the roles, users and other security data. Only Security Server can update the security database.
c. Policy Client: Creates roles, grants resources to roles, and designates IP to roles.
d. Enforcement Client: Creates users and grants roles to users.
4.1.3 Resource (Patient DB)
The resource provides services for use by the client. In our project, Patient DB Server and Patient Database provide a resource called patient DB to the client.
a. Patient DB Server: Publishes its methods for the client to invoke remotely. These methods are about writing prescriptions, querying patients and so on.
b. Patient Database: Stores all the patient information data. Only Patient DB Server can update Patient Database.
4.1.4 Resource Client (Patient DB Client)
Patient DB GUI Client is the client which provides a GUI for users to register, drop and query courses.
4.2 Overall Structure
This project combines CORBA with role-based access control to build a security system. The overall structure is shown in Figure 7.
[Figure labels: Resource; Security System; Patient DB Server; Patient Database; CORBA Lookup Service; Policy Client; Enforcement; Security]
38. vice. But this time it does something different from the server, which is to download the service stub from the CORBA lookup service and store it on the client. See Figure 4.
[Figure 4: Client Lookup. Labels: Client, CORBA Lookup Service, Registrar Proxy, Registrar.]
1.3.5 Final Structure
Finally, after service registration and client lookup, the final structure is shown in Figure 5. The client gets the service stub, which it uses to invoke remote methods located on the server side. The server responds to the client by sending the result of the remote method invocation back to the client.
[Figure 5: Final Structure. Labels: Client, CORBA Lookup Service, Server, Service Object, Service Stub.]
1.4 Advantages and Disadvantages
There are other middleware technologies with functions similar to CORBA's, such as JINI, RMI, DCOM, Servlet, etc. However, CORBA has its own advantages and disadvantages, as follows.
Advantages:
• In a CORBA environment, the client and the server don't need to know each other's location.
• It supports multi-language applications: the client can be written in Java while the server is written in C.
• It supports multi-platform applications: the client can run on UNIX while the server runs on NT.
• CORBA provides some other services, such as Naming Service, Event Service, etc.
Disadvantages:
• Its running speed is relatively slow.
• Its security mechanism is under development.
39. w(org.omg.CORBA.Object), read, read_Object, type(): org.omg.CORBA.TypeCode, unchecked_narrow, write, write_Object. Fields: _id (java.lang.String), _type (org.omg.CORBA.TypeCode), _id (java.lang.String).
PDBInterfacePOATie. Fields: _delegate (corbass.pdbserver), _poa (org.omg.PortableServer.POA). Methods: PDBInterfacePOATie (two constructors), _default_POA(), _delegate() (getter and setter), addPatient, getDiagnosis, getMedicalHistory, getPatientList, getPaymentMode, getPrescription, ifHasRight(int, int): boolean, removePatient, setPaymentMode, writeDiagnosis, writePrescription.
PDBInterfaceImpl. Fields: _token (int), _con (java.sql.Connection), stmt (java.sql.Statement), security (corbass.sserver.Security), username (java.lang.String), accessOrOracle (int), errorMsg (java.lang.String). Methods: PDBInterfaceImpl (constructor), addPatient, getDiagnosis, getMedicalHistory, getPatientList, getPaymentMode, getPrescription.
java.lang.Object ZORBA p
