CORBA Firewall Security: Increasing the Security of CORBA Applications

Traditional network firewalls prevent unauthorised access and attacks by protecting the points of entry into the network. Currently, however, there is no standard mechanism by which a firewall identifies and controls the flow of Internet Inter-ORB Protocol (IIOP), that has become the de-facto standard interoperability protocol for Internet providing "out-of-the-box" interoperation with ORBs, and is based on vendor-neutral transport layer. The OMG’s intention in proposing its CORBA Firewall Security is to provide a standard approach to the control of IIOP traffic through network firewalls, allowing controlled outside access to CORBA objects, thus increasing their accessibility and security. This article describes and analyses the OMG’s CORBA Firewall Security, paying special attention to such issues as the specific problems associated with it, how current firewall techniques are used to control CORBA based communication, their potential limitations and how these might be overcome, and the various aspects of firewall traversal. In addition, a possible CORBA firewall application scenario is presented. Some CORBA Firewall compliant products are emerging on the market, and this current trend in the implementation of CORBA firewall products will also be described.