A. Dowling and Jg. Keating, A proxy-based security architecture for Internet applications in an extranet environment, J SYST SOFT, 58(2), 2001, pp. 107-118
Current Internet communications security is typically provided by the integration of secure transport functionality into client and server software. Two problems arise with this approach: Firstly, the use of integrated security services requires modification to the existing Internet applications, requiring re-development and re-deployment projects. Secondly, high-level security services such as authorisation are not provided by secure transport protocols, requiring applications to rely on customised (and often insecure) mechanisms for the provision of such services. We propose a platform-independent system that uses proxy applications to provide both secure transport and authorisation services transparently to existing Internet applications. We demonstrate that our approach requires no modification to existing applications, and that our security services are based on existing and widely used technologies. We discuss the merits of our architecture in the context of the intended deployment environment: an Internet-based heterogeneous private network such as an extranet or Virtual Private Network (VPN). We show that our approach achieves its goals at the expense of introducing a minor degree of performance loss into overall client-server communications, yet we maintain that this performance loss is a minor expense in relation to the advantages of the system as a whole. (C) 2001 Elsevier Science Inc. All rights reserved.