The Generalized Security Framework

Abstract

The Generalized Security Framework (GSF) consists of a set of libraries, classes, and tools that provide developers with the ability to easily secure distributed applications and collaborative environments. The GSF uses and enhances the Generic Security Services API (GSSAPI) to provide authentication, authorization, data protection, delegation, and auditing. It currently works with either DCE or Kerberos as the underlying security mechanism, and it has been designed so support for PKI can be easily added in the future. DCE/Kerberos is a scaleable, mature, robust security infrastructure embraced and accredited throughout the Nuclear Weapons Complex (NWC) for a secure collaborative modeling and simulation environment. The goal of the GSF is to provide a common security foundation that can be applied and extended to create secure distributed applications, independent of the communications protocol. The GSF provides a number of extensions that embed GSF security in specific remote communication APIs, such as Java sockets and Java RMI. The extensions have been designed and implemented in such a manner as to require minimum changes to application code in order to move from an unsecure application to a secure application. The advantage of this approach is that security can be enforced reliably and consistently since verymore » little is required of the application developer. In this paper, the authors describe the goals, design, and implementation of the Generalized Security Framework.« less