CORBA Firewall Security: Increasing the Security of CORBA Applications

Habtamu Abie
Norwegian Computing Center
P. O. Box 114 Blindern, 0314 Oslo, Norway
Tel.: +47 22 85 25 95, Fax: +47 22 69 76 60
abie@nr.no, http://www.nr.no/~abie

January 2000

Abstract

Traditional network firewalls prevent unauthorised access and attacks by protecting the points of entry into the network. Currently, however, there is no standard mechanism by which a firewall identifies and controls the flow of Internet Inter-ORB Protocol (IIOP) traffic. IIOP has become the de-facto standard interoperability protocol for the Internet, providing "out-of-the-box" interoperation with ORBs, and is based on a vendor-neutral transport layer. The OMG’s intention in proposing its CORBA Firewall Security is to provide a standard approach to the control of IIOP traffic through network firewalls, allowing controlled outside access to CORBA objects, thus increasing their accessibility and security. This article describes and analyses the OMG’s CORBA Firewall Security, paying special attention to such issues as the specific problems associated with it, how current firewall techniques are used to control CORBA-based communication, their potential limitations and how these might be overcome, and the various aspects of firewall traversal. In addition, a possible CORBA firewall application scenario is presented. Some CORBA Firewall compliant products are emerging on the market, and this current trend in the implementation of CORBA firewall products will also be described.

Keywords: CORBA firewall security, object access control, computer network security.

1 Introduction

Nowadays networks are subject to continual change and modification as they are adapted to changing circumstances and new situations brought about by reorganisations, acquisitions, outsourcing, mergers, joint ventures and strategic partnerships. In addition, networks are increasingly connected to the Internet.
Due to these developments, the maintenance of security has become a far more complicated matter than hitherto. The Common Object Request Broker Architecture (CORBA) has become the de-facto standard. Its extensive infrastructure supports all the features required by new business situations of the type mentioned above, and its increasing use in open systems necessitates the development of sophisticated security technologies at the interface between networks of different security domains, such as between an intranet and the Internet or an extranet. The best way of ensuring interface security is the use of a firewall.