
Student: Tran Anh. Student ID: CB091296. Course: Distributed Systems

SECURITY IN DISTRIBUTED SYSTEMS BUILT WITH THE LANGUAGES AND SPECIFICATIONS JAVA, CORBA, COM+
Student: Tran Anh. Student ID: CB091296. Supervising lecturer: Vu Thi Huong Giang

Contents

I. Detailed presentation of the security mechanisms and methods used when programming distributed systems on Java
   a. Overview of the Java programming language
   b. The Sandbox security model
   c. Verification of compiled code (Byte code Verify)
   d. Loading applet classes (Class Applet Loader)
   e. Security management (Security Manager)
   f. Security API (API Security)
   Summary
II. Detailed presentation of the security mechanisms and methods used when programming distributed systems on CORBA
   a. Introduction to CORBA
   b. Basic architecture
   c. Identification and authentication
   d. Authorization and access verification
   e. Security auditing
   f. Non-repudiation
   g. Security administration (Security Administrator)
III. Detailed presentation of the security mechanisms and methods used when programming distributed systems on COM+
   a. COM+ architecture
   b. Role-based security
   c. Impersonation and delegation
   d. Software restriction policies
IV. Summary
Many open problems remain in the safety and security of distributed systems. Security for a standalone system is far less complex than for a distributed one: for example, a personal computer with no applications that need outside data (nothing passes through the network) is much easier to secure. In a distributed architecture, security also depends on the number of distributed nodes and on the capability of each node. The biggest problem of distributed systems is therefore the security of the system as a whole. The task for us is to study the mechanisms and the handling of security when building distributed systems with commonly used languages and specifications such as Java, CORBA and COM+. This study is important for developers who design distributed systems on these three. In this study we leave aside system-wide security issues such as firewalls and patch updates.

I. Detailed presentation of the security mechanisms and methods used when programming distributed systems on Java

a. Overview of the Java programming language

We know Sun Microsystems as a hardware manufacturer with its UNIX workstations. In fact, Sun also develops software, and is especially well known for the Solaris operating system and the Network File System (NFS). In 1990, Sun Microsystems started a project named Green to develop software for consumer electronic devices. James Gosling, a network software programming expert, was put in charge of the project. At first, Gosling used C++ to write control and digital display software for devices such as VCRs (Video Cassette Recorders) and PDAs (Personal Digital Assistants). Soon afterwards, however, Gosling found that C++ was not a suitable language for this work. C++ is flexible for controlling a system, but it easily causes errors that hang the system. In more detail, C++ accesses system resources directly and requires programmers to manage those resources themselves. This is a barrier that keeps C++ from being a tool for writing highly reliable, highly compatible software, especially for controlling consumer electronic devices. Gosling solved the problem by creating a new programming language named Oak. Its syntax resembles C++, but it leaves out the "dangerous" features of C++ such as direct access to system resources, pointer arithmetic and operator overloading. Oak was designed for high compatibility (running on many different kinds of chips), so that device manufacturers could change their hardware without rewriting existing software.

As Oak matured, the World Wide Web was entering a period of strong growth, and Sun's software team saw that Oak was also especially well suited to the Internet. In 1994 they released WebRunner, a Web browser written in Oak (the browser was later renamed HotJava and is still being developed). Finally, in 1995, Oak was renamed Java (for commercial reasons) and demonstrated at SunWorld 95. Since then Java has grown quickly. Even before the first Java compiler was released in January 1996, Java was regarded as an industry standard for the Internet. In the first six months of 1996, many of the world's leading software and hardware vendors licensed Java technology from Sun, including Adobe, Asymetrix, Borland, IBM, Macromedia, Metrowerks, Microsoft, Novell, Oracle, Spyglass and Symantec. These companies integrate Java into their products: software, operating systems and development tools.

So what is Java? The answer is that Java is a technology for creating distributed software: software that resides on a server, is downloaded over a network connection and runs on the client. Although it was created in the 1970s, the Internet only really attracted businesses in the 1990s with the arrival of the World Wide Web. The Web lets users access information on the Internet directly without learning complex commands, and provides online information in many fields with images, sound and so on. Java allows the Web to go further, turning static Web pages into lively applications that interact with the user. The basic reasons people pay attention to Java are:
+ It allows powerful and reliable programs to be written.
+ Applications can be built to run on most hardware and operating systems (multi-platform).
+ Applications can be distributed over the network with a high level of security and safety.

It can therefore be said that Java has changed the function of the Internet, just as the Web changed the way we approach the Internet. In other words, Java moves the network from merely providing information and sharing resources to playing the role of an operating system. This is the foundation for the network computers (Network Computer, NC) of Oracle, IBM and Sun.

Distributed programming in Java raises two concerns: whether the information we send between different points can be stolen, and whether the whole system we write on the Java platform can be sabotaged or accessed without authorization. The Java architecture for distributed systems is designed so that security across the whole system is always taken into account. Programmers rely on this architecture to write programs that can run remotely across the entire distributed system. In an open architecture, program code is located everywhere; that must not mean, however, that this code can contain malicious code (viruses and so on). The source code of a Java program is written and compiled, and on the client it is executed by the Java Virtual Machine (VM) installed on the client machines. The virtual machine is responsible for checking the security of programs as they run, and it handles whatever else needs to be downloaded from the Internet. Some security checks are placed on remote servers, and the clients enforce those security methods. Examples are the Sandbox security model, verification of the compiled program code, the loading of applets at run time, and the Security Manager. Further security measures are available through the APIs of the Java language.

b. The Sandbox security model

In the architecture of distributed systems written in Java, the user is responsible for approving the execution of applications (applets) on the client machine. Most users, however, cannot determine whether an applet is trustworthy. So that applets run in an environment in which the user is protected as far as possible, Java developed the Sandbox security model. When a Java application runs on the client, code that the VM identifies as remotely accessed is given limited access to the user's system, while code that executes locally on the client has full access. In some cases a program must run on the client but requires full access; each such program is then signed so that it can be trusted. In addition, the configured security policies give the system administrator the right to allow or refuse the execution of programs.


Figure 1: The Sandbox security model

c. Verification of compiled code (Byte code Verify)

This step checks the program code when it is executed and analyses it against specific checks. The byte code is checked in three or four passes, depending on whether or not a method is called. The analyses examine whether the code performs computations that break integrity or overflows the stack, jumps to illegal code, or forges signatures or authentication.

d. Loading applet classes (Class Applet Loader)

A running Java program executes many classes (Class Applet). These classes are loaded only when they are required for execution. When the user makes a request and the needed classes must be loaded, the Class Applet Loader is responsible for managing and carrying this out. Each class in Java belongs to a namespace, and each namespace is managed by one applet loader. The Class Applet Loader is responsible for the integrity of the classes in the namespace it manages. Java also provides classes that take effect directly on the client machine; these, however, are loaded freely, without any security measures.
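The loader behaviour described in section d, as an added example that is not part of the original essay or the JDK's own code: a class loader that defines one class only if its bytes match a pinned SHA-256 digest, and a check that the same class name defined by two loaders yields two distinct classes. The names VerifyingLoaderDemo, VerifyingLoader and Greeter are hypothetical, and the digest pin is this example's own choice of integrity check.

```java
import java.io.InputStream;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

// Added example (hypothetical names). Compile with javac, then run: java VerifyingLoaderDemo
public class VerifyingLoaderDemo {

    /** Sample class to load; its compiled bytes serve as the constructed input. */
    public static class Greeter { }

    /** Defines exactly one class, and only if its bytes match the pinned digest. */
    static final class VerifyingLoader extends ClassLoader {
        private final String target;
        private final byte[] bytes;
        private final byte[] pinned;

        VerifyingLoader(ClassLoader parent, String target, byte[] bytes, byte[] pinned) {
            super(parent);
            this.target = target;
            this.bytes = bytes.clone();
            this.pinned = pinned.clone();
        }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(target)) {
                return super.loadClass(name, resolve);   // everything else: normal parent delegation
            }
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    // Integrity gate: refuse to define bytes that differ from the pinned digest.
                    if (!MessageDigest.isEqual(sha256(bytes), pinned)) {
                        throw new SecurityException("digest mismatch for " + name);
                    }
                    c = defineClass(name, bytes, 0, bytes.length);
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }
    }

    static byte[] sha256(byte[] data) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(data);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);   // SHA-256 is required in every Java runtime
        }
    }

    public static void main(String[] args) throws Exception {
        String name = Greeter.class.getName();
        byte[] good;
        try (InputStream in = VerifyingLoaderDemo.class.getResourceAsStream(name + ".class")) {
            if (in == null) throw new IllegalStateException("class file not found; compile with javac");
            good = in.readAllBytes();
        }
        byte[] pin = sha256(good);
        ClassLoader parent = VerifyingLoaderDemo.class.getClassLoader();

        // Two loaders, one class name: each loader is its own namespace.
        Class<?> a = new VerifyingLoader(parent, name, good, pin).loadClass(name);
        Class<?> b = new VerifyingLoader(parent, name, good, pin).loadClass(name);
        System.out.println("same name: " + a.getName().equals(b.getName()));
        System.out.println("distinct classes: " + (a != b && a != Greeter.class));

        byte[] tampered = good.clone();
        tampered[tampered.length - 1] ^= 0x01;   // simulate a modified class file
        try {
            new VerifyingLoader(parent, name, tampered, pin).loadClass(name);
            System.out.println("tampered class loaded");
        } catch (SecurityException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```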


e. Security management (Security Manager)

When developing applications in Java, programmers usually want to protect variables and methods by describing their classes independently of the groups of code they are writing. To separate user-defined classes from Java's default classes, the system bundles them into packages. When a variable or a method is declared in a class, it is classified as one of three kinds: Private, Protected or Public; it may also be left unclassified, in which case only classes in the same package can access it. Security management ensures which class belongs to which package and how it may be executed. The security configuration is enforced through security policies. Browsers and applet viewers have a built-in security subsystem, but by default they do not understand Java applications. Java therefore has to give developers ways to create classes that secure their products. That is, they create security classes that depend on Java's Security Manager.

f. Security API (API Security)

Beyond the methods above, Java strengthens security through its security APIs. With the various APIs, developers can build security methods such as digital signatures, applet verification and key management. Once an applet has been verified, it has the right to run on the client machine (locally) as if it were local to the machine rather than a distributed application. As noted in the section on security management, the security policies determine what is granted when an applet is given the right to execute. By default the JRE provides digital signatures and key management.

Summary

For any system, whether or not it was designed with security in mind, security on a Java-based distributed architecture has certain distinctive features. One is the CLASSPATH environment variable (used to locate the classes that take part in a program). If CLASSPATH is changed, it can point to a set of classes other than the intended ones, and malicious code can be inserted. This code can execute without the user noticing any difference in the program.
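One way to detect the CLASSPATH substitution described in the summary, as an added example (not code from the original essay): it reports where each named class was actually loaded from and flags any location outside an approved list. ClassOriginAudit and its command-line convention are hypothetical.

```java
import java.security.CodeSource;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

// Added example (hypothetical names). Usage:
//   java ClassOriginAudit <allowed-prefix[,allowed-prefix...]> <class-name>...
// Give prefixes with a trailing slash (file:/opt/app/lib/) so a sibling directory cannot match.
public class ClassOriginAudit {

    static final String PLATFORM = "<platform>";

    /** Location a class was really loaded from; JDK classes carry no code source. */
    static String originOf(Class<?> c) {
        CodeSource cs = c.getProtectionDomain().getCodeSource();
        return (cs == null || cs.getLocation() == null) ? PLATFORM : cs.getLocation().toString();
    }

    /** A class is expected if it is a platform class or comes from an approved location. */
    static boolean isExpected(String origin, List<String> allowedPrefixes) {
        if (origin.equals(PLATFORM)) return true;
        for (String prefix : allowedPrefixes) {
            if (origin.startsWith(prefix)) return true;
        }
        return false;
    }

    /** Returns one finding per class that is missing or loaded from an unapproved place. */
    static List<String> audit(List<String> classNames, List<String> allowedPrefixes) {
        List<String> findings = new ArrayList<>();
        ClassLoader loader = ClassOriginAudit.class.getClassLoader();
        for (String name : classNames) {
            try {
                // initialize=false: load the class without running its static initializers
                Class<?> c = Class.forName(name, false, loader);
                String origin = originOf(c);
                if (!isExpected(origin, allowedPrefixes)) {
                    findings.add("UNEXPECTED " + name + " loaded from " + origin);
                }
            } catch (ClassNotFoundException | LinkageError e) {
                findings.add("MISSING " + name + " (" + e + ")");
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        List<String> allowed;
        List<String> names;
        if (args.length >= 2) {
            allowed = Arrays.asList(args[0].split(","));
            names = Arrays.asList(args).subList(1, args.length);
        } else {
            // Constructed demo input: approve only the location this program itself came from.
            allowed = Arrays.asList(originOf(ClassOriginAudit.class));
            names = Arrays.asList("java.lang.String", "ClassOriginAudit");
        }
        System.out.println("java.class.path = " + System.getProperty("java.class.path"));
        List<String> findings = audit(names, allowed);
        findings.forEach(System.out::println);
        System.exit(findings.isEmpty() ? 0 : 1);
    }
}
```

Run it with the same CLASSPATH and launcher options as the application being checked, since the result reflects the class path of the JVM it runs in.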


II. Detailed presentation of the security mechanisms and methods used when programming distributed systems on CORBA

a. Introduction to CORBA

CORBA (Common Object Request Broker Architecture) was developed by the Object Management Group (OMG). The OMG is an organization of more than 800 software developers that sets out criteria for solving object-oriented distributed programming without being blocked by programming language or operating system. In other words, programs can communicate with one another whatever language they are written in. CORBA can also be described as a set of interface specifications (IDL, Interface Description Language) that describe an object's functionality through its functions, methods and attributes, and contain no implementation code. The OMG's development work has so far reached CORBA 2.

b. Basic architecture

CORBA is a reference model located at the layer of programs that use the network. It assumes that transmission over the network is already guaranteed, and only establishes communication standards between the distributed parts of an application (corresponding to layers 5 and 6 of the OSI model). The importance of programs that serve distributed applications in this general way is reflected in the emergence of the term 'middleware'. CORBA is thus a middleware standard, where 'middle' can be understood as between the distributed parts of an application, or between the application layer above and the telecommunication layer below. A simplified picture of CORBA is given in the following figure:

Figure 2. Model of CORBA


From this figure we can note the following points.

CORBA 1 mainly specifies a standard interface for using ORBs (Object Request Brokers). An ORB consists of programs distributed across the machines of a network; they manage the names and addresses of the objects at the application layer and communicate with one another through their own protocol. The function of the ORB is to act as a broker that lets an object on a client machine request the use of an object on a server machine without knowing where it is. Naturally, the two machines must use the same ORB and be in the same communication network, in terms of both equipment and network operating system. The ORB layer sits above the transport layer (layer 4), and the ORB protocols need not be standardized. CORBA 1 says nothing about protocol conversion. A server station can also hold objects that are clients of other server stations, and the relationships within an application are not necessarily only bilateral.

CORBA 2 specifies communication and interworking between different ORBs through a general intermediate protocol called GIOP (General Inter-ORB Protocol). This protocol in turn uses various 'open' protocols to carry messages over different kinds of networks; the first and most important of these is IIOP (Internet Inter-ORB Protocol), which allows the Internet to be used. Support for other kinds of intermediate networks is being added gradually. Converting older ORB protocols to GIOP is the responsibility of the vendors of the different ORBs. CORBA 2 solves the problem of an organization that uses one network but has two groups of machines, each with a different ORB, A and B. In that case the two gateway machines merge into a single station whose only function is protocol conversion, since no intermediate network is needed. For higher performance GIOP can be eliminated altogether, but then a direct conversion between the protocols of ORB A and ORB B has to be written.

As said above, however, in practice CORBA 2 does not yet give users confidence if they really want to connect two ORBs over the Internet or another network technology. It leaves many important functions of protocol conversion unspecified, and in particular does not resolve the conflict with the firewall function in the gateway machine. One has to wait for CORBA 3 for any hope of success.

A very important and distinctive point of CORBA, and a great advance over earlier interface specifications, is its view of the interface as the product of a description language, which makes it very flexible, very general and yet very easy to use. This language is called IDL (Interface Definition Language). Each server object needs a description in IDL (or several, each corresponding to a different way of using it), which is copied to the client object's side. A compiler then turns this description into two subprograms, one for the client side and one for the server side. These two subprograms are the interface through which the ORB service layer is called to connect the two sides.

Beyond CORBA in the narrow sense, the OMG also aims to bring into the OMA model a number of other standards and specifications that are not discussed here, particularly within the application layer itself (layer 7 of the OSI model). These architectural efforts have not yet stabilized; they have been both disrupted and simplified by the arrival of the Internet and Java. As mentioned in the introduction, it is thanks to a language like Java and to agent technology that standardizing interfaces at the application level has become much simpler. Previously, each application required installing not only the server program on the server station but also a client program on every client station. If clients can appear at any time, anywhere in the world, and contact the server station over the Internet, that kind of installation becomes extremely expensive. Today the client program is a simple agent loaded remotely, straight onto the user's machine, when needed.

With an architecture like this, security in a CORBA deployment also has its own specific character. The CORBA architecture allows objects with the same security attributes to be grouped, with one security policy applied to the group by the ORB. The ORB controls the exchanges across bridges, gateways and inter-ORB protocols.

Figure 3. Model of how the ORB applies security policy

The CORBA specification also covers a number of security methods: identification and authentication, authorization and access control, security auditing, and system administration rights.

c. Identification and authentication

Identification and authentication determine whether the person using the system really is the legitimate owner, by checking the login password. If the password is correct, the user is authenticated and has rights according to the terms the system has defined in advance (Chimadia, 1998; Object Management Group, 2002). After identification and authentication, CORBA passes the user's information to the authorization and access verification system.

d. Authorization and access verification

After the user has been identified and authenticated, the application checks access rights to objects through the ORB, which controls CORBA's security operations. At this point the ORB uses an access policy to determine which components the user is allowed to access and which are denied.

e. Security auditing

This process lets the system administrator detect unauthorized intrusions, intrusion attempts and suspicious events. It lets administrators confirm that the security policies work as configured. There are two levels of security auditing in CORBA:
- Application level
- System level

Successful logins are audited by Security Auditing. The audit process applies to all applications, and it is useful for applications that have no security component of their own.

f. Non-repudiation

Non-repudiation in CORBA must ensure that users are held accountable for what they have done on the system.

g. Security administration (Security Administrator)

Beyond the methods above, CORBA also manages security at the level of the system administrator by managing the domains in use. Three levels of security are distinguished when system administration is applied:
- The system's security policy
- The security environment
- The security technology


III. Detailed presentation of the security mechanisms and methods used when programming distributed systems on COM+

a. COM+ architecture

Like CORBA, COM+ (Component Object Model +) is a set of specifications, in this case from Microsoft, built on the earlier COM specification. The COM specification serves 3-tier models, while COM+ serves n-tier models. Once packaged, COM+ components are completely independent of the programming language; in other words, COM+ components are linked dynamically. The main characteristics of COM+ components are:
- A COM+ component is completely independent of the language that implements it. COM+ components can be implemented in many languages, such as Visual C++, Visual Basic and Java.
- A COM+ component is used in binary form.
- A COM+ component can be upgraded without breaking the running program.
- A COM+ component is location transparent.

Figure 4. Model of the COM+ architecture

Security in COM+ is carried out entirely automatically, so product developers can keep the security components out of the COM+ component they are developing. This makes maintenance and development easier for programmers, makes a higher level of security possible throughout product development, and allows a separate security policy to be configured. COM+ lets developers create security policies automatically. The security policies in COM+ are:
- Role-based security.
- Impersonation and delegation.
- Software restriction policies.

b. Role-based security

Role-based security is a built-in COM+ service; it is extensible and is used to build and enforce security policies. Role-based security is not placed inside the developer's COM+ components, although the components do contain security methods. Role-based security is enforced either declaratively or programmatically. Declarative security can be set directly on COM+ components, in the same way that Windows NT applies permissions to files. This has the advantage that security can be configured without recompiling the components. It also frees developers from having to deal with security details in the components they are developing. If the developer needs more detail than the automatically supported terms provide, however, programming is of course required. In addition, to verify users when they access larger resources in the system, COM+ has to go through the authentication system to authenticate the user.

c. Impersonation and delegation

Normally, when a client accesses a resource, the server must ensure that the access is permitted and that the information the client is accessing is permitted. This is done through COM impersonation. In a distributed system, delegation is used more often. Delegation handles impersonation across the network. For example, delegation is used when an application goes through COM+ to an intermediate server and requests a query against a SQL database server.

d. Software restriction policies

Software restriction policies were introduced with the release of Windows XP and form an architecture similar to the Sandbox security model used by Java. Code that is accepted gets full access at the local level, while code that is uncertain or dangerous gets restricted access. There are two restriction levels: Unrestricted and Disallowed. Unrestricted lets the code access the components the user is allowed to access, whereas with Disallowed the code cannot access the components the user is barred from. Software restriction policies are configured through the graphical interfaces or programmatically in Windows.

IV. Summary

From the study above it can be said that security is very important in the development of distributed applications. The main content of this paper is an introduction to the security components of the Java language and the security mechanisms of two widely used specifications, CORBA and COM+. Because time was limited and my ability to research is still limited, specific errors are unavoidable; I hope the lecturer will review the paper and give comments so that it can be improved.
