Security Guide : Quality of Protection

Quality of Protection
VisiBroker's extensions of standard CORBA policies include an implementation of Quality of Protection (QoP) which provides another level of fine-grained control over your run-time security requirements.
There are two types of QoP:
Setting properties and QoP
There are several properties that can be used to ensure the Quality of Protection of a connection. These properties can be used to fine-tune connection quality.
For example, you can set the appropriate cipherList property for SSL connections to set cryptography strength:
vbroker.security.cipherList for TLSv1.2 and earlier
These properties can be set to a list of comma-separated ciphers to be enabled by default on startup. If not set, a default list of cipher suites will be enabled.
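The following is an added example, not VisiBroker code and not part of the original guide: a standalone Java check that reads a properties file and flags entries in vbroker.security.cipherList that name NULL, anonymous, export-grade, RC4, DES/3DES or MD5 suites. The class name, the sample property value and the assumption that suites are written with standard JSSE-style names are illustrative.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Properties;

public class CipherListAudit {
    // Name fragments that mark a suite as giving no or weak protection
    // (assumes standard JSSE-style suite names).
    private static final String[] WEAK_TOKENS = {
        "_NULL_", "_ANON_", "_EXPORT", "_RC4_", "_DES_", "_3DES_", "_MD5"
    };

    /** Returns one finding per problem in the vbroker.security.cipherList value. */
    static List<String> audit(Properties props) {
        List<String> findings = new ArrayList<>();
        String value = props.getProperty("vbroker.security.cipherList");
        if (value == null || value.trim().isEmpty()) {
            findings.add("cipherList not set: the default list of cipher suites applies");
            return findings;
        }
        for (String raw : value.split(",")) {
            String suite = raw.trim();
            if (suite.isEmpty()) {
                findings.add("empty entry (stray comma)");
                continue;
            }
            String upper = suite.toUpperCase(Locale.ROOT);
            for (String token : WEAK_TOKENS) {
                if (upper.contains(token)) {
                    findings.add(suite + ": weak (" + token.replace("_", "") + ")");
                    break; // one finding per suite is enough
                }
            }
        }
        return findings;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample value, not taken from a real deployment.
        String sample = "vbroker.security.cipherList=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
            + "SSL_RSA_WITH_RC4_128_MD5, TLS_DH_anon_WITH_AES_128_CBC_SHA,,SSL_RSA_WITH_NULL_SHA\n";
        Properties props = new Properties();
        props.load(new StringReader(sample));
        for (String finding : audit(props)) {
            System.out.println(finding);
        }
    }
}
```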
QoP properties can also be set programmatically using ServerQoPConfig and ClientQoPConfig for servers and clients, respectively. For more information, see “Configuring Quality of Protection (QoP)”.
These APIs allow you to set target trust (whether or not targets must authenticate) and the transport policy (whether or not to use SSL or another secure transport mechanism specified separately). For servers, an AccessPolicyManager that can access the RoleDB is set to access policies for POA objects. For more information on AccessPolicyManager, see “class csiv2::AccessPolicyManager”.
Configuring Quality of Protection (QoP)
Configuring QoP for the server
The complete code of ServerQoPConfigValueFactory is as follows:
package com.borland.security.csiv2;

import com.borland.security.csiv2.ServerQoPConfigValueFactory;
import com.borland.security.csiv2.ServerQoPConfig;
import com.borland.security.csiv2.AccessPolicyManager;

public class ServerQoPConfigDefaultFactory
        implements ServerQoPConfigValueFactory {
    public ServerQoPConfig createConfig(boolean disable,
                                        short transport,
                                        short idType,
                                        boolean enableIdAssertion,
                                        java.lang.String[] realms,
                                        AccessPolicyManager access_manager) {
        return new ServerQoPConfigImpl(disable, transport, idType,
                enableIdAssertion, realms, access_manager);
    }
}
disable = security is disabled/enabled for this POA. When security is disabled, the rest of the settings become irrelevant.
In this package:
transport has three possible values:
idType has the possible values of com.borland.security.csiv2.ServerQoPPolicy.
enableIdAssertion = true/false. When set to false, this server cannot accept caller identity propagated through a CSIV2 Authorization token.
realms[] is an array of strings specifying the names of all realms whose identities this POA can accept. The default value is ‘null’, meaning there are no configured realms in this ORB.
access_manager is, for authorization purposes, the AccessPolicyManager responsible for this POA. The default value is ‘null’, meaning there is no authorization.
To configure QoP for the server, follow these steps:
1
2
3
For more information on transport methods and other QoP related parameters, see “class vbsec::ServerConfigImpl”.
4
ServerQoPConfig config = new ServerQoPConfigDefaultFactory().create(false,ServerQoPPolicy.SECURE_ONLY,true, null);
5
Any any = orb.create_any();
ServerQoPConfigHelper.insert(any, config);
Policy qop = orb.create_policy(SERVER_QOP_CONFIG_TYPE.value, any);
Configuring QoP for the client
The initial step of creating a QoP is to create a QoPConfig and specify the security requirements that must be enforced through the config.
To create a ClientQoPConfig, you can use its default factory as follows:
...
...
com.borland.security.csiv2.ClientQoPConfig myconfig =
    new com.borland.security.csiv2.ClientQoPConfigDefaultFactory().create(
        /* transport = */ com.borland.security.csiv2.ClientQoPPolicyOperations.CLEAR_ONLY,
        /* Other possible values for above are SECURE_ONLY and USE_ANY */
        /* trustInTarget = */ true
    );
 
The complete code of ClientQoPConfigDefaultFactory is as follows:
package com.borland.security.csiv2;

public class ClientQoPConfigDefaultFactory
        implements com.borland.security.csiv2.ClientQoPConfigValueFactory {
    public com.borland.security.csiv2.ClientQoPConfig create(short trans,
                                                             boolean trustInTarget) {
        return new ClientQoPConfigImpl(trans, trustInTarget);
    }
}
1
org.omg.CORBA.ORB orb = org.omg.CORBA.ORB.init(args,null);
byte[] managerId = "BankManager".getBytes();
Note: For the client, QoP is set as follows:
For a method to be secure, set transport = secure only.
Set trust in target = false. (With this, the server need not provide authentication for the client.)
For more information on transport methods and other QoP parameters, see “class vbsec::ClientConfigImpl”.
ClientQoPConfig cc = new ClientQoPConfigDefaultFactory().create( ClientQoPPolicy.SECURE_ONLY, false);
 
org.omg.CORBA.Object managerObject =
Bank.AccountManagerHelper.bind( orb, "/bank_agent_poa", managerId );
2
Any any = orb.create_any();
ClientQoPConfigHelper.insert( any, cc);
3
Bank.AccountManager manager = Bank.AccountManagerHelper.narrow(
managerObject._set_policy_override(
new Policy[] { orb.create_policy( CLIENT_QOP_CONFIG_TYPE.value, any)
},
SetOverrideType.SET_OVERRIDE));
4
org.omg.CORBA.Object accountObject = manager.open( name);
5
Bank.Account account = Bank.AccountHelper.narrow(
accountObject._set_policy_override(
new Policy[] { orb.create_policy( CLIENT_QOP_CONFIG_TYPE.value, any) },
SetOverrideType.SET_OVERRIDE
)
);
6
System.out.println("The balance in " + name + "'s account is $" + account.balance() );
} catch( Throwable e) {
synchronized( System.err) {
e.printStackTrace();
}
}
}
public static void main(String[] args) {
if ( args.length != 0) {
System.err.println( "Usage : vbj -DORBpropStorage=client.properties Client");
System.exit(1);
}
Client cln = new Client();
cln.test(args);
}
}
Configuring Quality of Protection (QoP) parameters
When clients and servers communicate, they both need to agree on some parameters for the Quality of Protection (QoP) that will be provided. The resource host (the server) will:
Note
By definition, a required QoP is also a supported QoP.
For example, a server may support and require secure transport (SSL) while it may support authentication but not require it. This is useful, for example, in the case where some resources are not sensitive and anonymous access is acceptable. For more information about QoP and QoS parameters:
C++
See “QoP API”.
Java
See com.borland.security.csiv2 and “Security Properties for Java”.