A proxy-based security architecture for Internet applications in an extranet environment

Citation
A. Dowling and Jg. Keating, A proxy-based security architecture for Internet applications in an extranet environment, J SYST SOFT, 58(2), 2001, pp. 107-118
Number of citations
26
Subject Categories
Computer Science & Engineering
Journal title
JOURNAL OF SYSTEMS AND SOFTWARE
Journal ISSN
01641212
Volume
58
Issue
2
Year of publication
2001
Pages
107 - 118
Database
ISI
SICI code
0164-1212(20010901)58:2<107:APSAFI>2.0.ZU;2-D
Abstract
Current Internet communications security is typically provided by the integration of secure transport functionality into client and server software. Two problems arise with this approach: Firstly, the use of integrated security services requires modification to the existing Internet applications, requiring re-development and re-deployment projects. Secondly, high-level security services such as authorisation are not provided by secure transport protocols, requiring applications to rely on customised (and often insecure) mechanisms for the provision of such services. We propose a platform-independent system that uses proxy applications to provide both secure transport and authorisation services transparently to existing Internet applications. We demonstrate that our approach requires no modification to existing applications, and that our security services are based on existing and widely used technologies. We discuss the merits of our architecture in the context of the intended deployment environment: an Internet-based heterogeneous private network such as an extranet or Virtual Private Network (VPN). We show that our approach achieves its goals at the expense of introducing a minor degree of performance loss into overall client-server communications, yet we maintain that this performance loss is a minor expense in relation to the advantages of the system as a whole. (C) 2001 Elsevier Science Inc. All rights reserved.