Optimising security in distributed telecom applications
Through the project, OpenPMF Policy Framework Management has been developed. This is a framework for the management and enforcement of security policies in complex distributed systems. It has been designed to overcome the shortcomings of other security systems, such as the Common Object Request Broker Architecture, CORBA. Using an abstract model of distributed systems and middleware, abstract model security policies were developed on a platform independent model, PIM. This was then transferred to the specific platforms of other security mechanisms. OpenPMF consists of a compiler for the Policy Definition Language, PDL, a Policy Repository, a generic Policy Evaluator and mappings to CORBA and CORBA Component models, CCMs. The PDL is a human readable, technology independent language, which specifies the security policy. It is based on an abstract notation of the entities in distributed systems This is stored centrally in the Policy Repository. From here it can be accessed and optimised. The Policy Evaluator is used to interpret the security rules and make security policy decisions based on abstract attributes During start up of the system under protection, the Policy Repository provides the policy for the system. This policy is operated during the running of the system and the Policy Evaluator assesses whether certain functions are permitted or not. The information for these selections are passed to Transformers. These transformers are integrated manually with the underlying technology in use. OpenPMF currently includes Transformers for CORBA/CORBA Security1.x CCM and CSIv2. OpenPMF reduces cost and labour. Complex policies are easily defined and for component based applications functional aspects are treated separately. Further research to enable the system to reach full potential is invited.