The KIPS Transactions:PartC (정보처리학회논문지C)

Korea Information Processing Society (한국정보처리학회)
권호 표지
DOI QR코드

DOI QR Code

Secure Jini Service Architecture Providing Ubiquitous Services Having Persistent States

유비쿼터스 서비스 상태지속을 지원하는 안전한 Jini 서비스 구조

  • 김성기 (인천대학교 정보기술교육원) ;
  • 정진철 (인천대학교 컴퓨터공학과) ;
  • 박경노 (인천대학교 컴퓨터공학과) ;
  • 민병준 (인천대학교 컴퓨터공학과)
  • Published : 2008.06.30
Download PDF
⟨ Previous Next ⟩

Abstract

The ubiquitous service environment is poor in reliability of connection and also has a high probability that the intrusion against a system and the failure of the services may happen. Therefore, It is very important to guarantee that the legitimate users make use of trustable services from the viewpoint of security without discontinuance or obstacle of the services. In this paper, we point out the problems in the standard Jini service environment and analyze the Jgroup/ARM framework that has been developed in order to help fault tolerance of Jini services. In addition, we propose a secure Jini service architecture to satisfy the security, availability and quality of services on the basis of the analysis. The secure Jini service architecture we propose in this paper is able to protect a Jini system not only from faults such as network partition or server crash, but also from attacks exploiting flaws. It provides security mechanism for dynamic trust establishment among the service entities. Moreover, our secure Jini service architecture does not incur high computation costs to merge the user service states because of allocation of the replica based on each session of a user. Through the experiment on a test-bed, we have confirmed that proposed secure Jini service architecture is able to guarantee the persistence of the user service states at the level that the degradation of services quality is ignorable.

유비쿼터스 서비스 환경에서는 연결의 신뢰성이 낮고 서비스를 제공하는 시스템에 대한 침입이나 서비스 실패가 발생할 확률이 높다. 따라서 정당한 사용자가 보안상 신뢰할 수 있는 서비스를 중단이나 방해 없이 이용할 수 있게 하는 것이 중요하다. 본 논문에서는 표준 Jini 서비스 환경의 문제점을 지적하고 결함감내 Jini 서비스 개발을 돕는 Jgroup/ARM 프레임워크를 분석한다. 분석을 토대로 보안성과 가용성, 서비스 품질을 만족하는 안전한 Jini 서비스 구조를 제시한다. 본 논문에서 제시한 Jini 서비스 구조는 네트워크 분할이나 서버 붕괴와 같은 결함뿐만 아니라 취약점을 악용한 공격으로부터 시스템을 보호할 수 있으며 Jini 서비스 개체 간에 동적 신뢰를 확립할 수 있는 보안 메커니즘을 제공한다. 또한 사용자 세션별로 서비스 복제를 할당할 수 있어 사용자의 서비스 상태정보 일치를 위한 높은 연산비용을 유발하지 않는다. 테스트베드를 통해 실험한 결과, 서비스 품질 저하를 무시할 수 있는 수준에서 사용자의 서비스 상태지속을 보장하고 높은 보안성과 가용성을 제공할 수 있음을 확인하였다.

Keywords

References

  1. Sun Microsystems, “JiniTM Architecture Specification,” Published Specification, http://java.sun.com/products/jini/2. 0/doc/specs/html/jini-spec.html, 2003
  2. D.Szentivanyi and S. Nadjm-Tehrani, “Middleware Support for Fault Tolerance,” Chapter 28 in Middleware for Communications, Q. Mahmoud (Ed.), John Wiley & Sons, 2004
  3. Sun Microsystems, “Jini Technology Core Platform Specification.” Communication of the ACM, Vol.39, No. 4, pp.75-83, 1996
  4. Frank Sommers, “Jini Starter Kit 2.0 tightens Jini's security framework,” Los Alamitos, CA., IEEE Computer Society Press, 2003
  5. Hein Meling, et al., “Jgroup/ARM: a distributed object group platform with autonomous replication managements,” Software Practice and Experience, John Wiley & Sons, 2007
  6. Johannes Osrael, et al.,“Using Replication to Build Highly Available .Net Applications,” Proceedings of the 17th International Conference on Database and Expert Systems Applications, pp.385-398, 2006
  7. Marc Schonefeld. “Hunting Flaws in JDK,” In Blackhat Europe 2003. May 2003
  8. Heine Kolltveit et al., “Preventing Orphan Requests by Integrating Replication and Transactions,” LNCS 4690, Springer-Verlag Berlin, 2007 https://doi.org/10.1007/978-3-540-75185-4_5
  9. Hein Meling, et al., “Performance Consequences of Inconsistent Client-side Membership Information in the Open Group Model,” Proceedings of the 23rd IEEE International Performance, Computing and Communications Conference. pp.777-782, 2004 https://doi.org/10.1109/PCCC.2004.1395180
  10. M. Tichy, H. Giese. “An Architecture for Configurable Dependability of Application Services,” Proc. of the ICSE 2003 Workshop on Software Architectures for Dependable Systems. pp.65-70, Portland, OR. April 2003
  11. Peer Hasselmeyer, et al., “Trade-offs in a Secure Jini Service Architecture,” LNCS 1890, Springer-Verlag Berlin, 2000 https://doi.org/10.1007/10722515_16
  12. Pasi Eronen and Pekka Nikander. “Decentralized Jini security,” In Proceedings of the Network and Distributed System Security Symposium (NDSS 2001), pages 161–172, San Diego, California, February 2001
  13. Thomas Schoch, et al. “Making Jini Secure,” Proc. 4th International Conference on Electronic Commerce Research, pages 276-286, Nov. 2001
  14. Sun Microsystems, “Jini Technology Starter Kit Overview v2.0,” Published Specification, http://java.sun.com/developer/products/jini/arch2_0.html, 2003
  15. Sun Microsystems, “Java Secure Socket Extension(JSSE) Reference Guide for Java Platform Standard Edition 6,” http://java.sun.com/javase/6/docs/tech-notes/guides/security/jsse/JSSERefGuide.html#Features
  16. Reynolds, J. et al, “The Design and Implementation of an Intrusion Tolerant System,” Proc. of Int'l Conference on Dependable Systems and Networks, 2002
  17. Wang F., et al, “SITAR: A Scalable Intrusion-Tolerant Architecture for Distributed Services,” DARPA Informa tion Survivability Conference & EXposition, 2001
  18. Byoung Joon Min, et al. “Committing Secure Results with Replicated Servers,” LNCS 3043, Springer-Verlag Berlin, 2004
  19. Marshall Pease, Robert Shostak, Leslie Lamport, “Reaching Agreement in the Presence of Faults,” Journal of the ACM 27/2 228-234 1980 https://doi.org/10.1145/322186.322188
  20. Amir, Y. et. al., “Secure Group Communication Using Robust Contributory Key Agreement,” IEEE Transactions on Parallel and Distributed Systems, Vol.15, No.5, pp.468-480, May 2004 https://doi.org/10.1109/TPDS.2004.1278104