DOCSec '98 Position Statement
Los Alamos National Laboratory
Justin Doak and Dave Forslund

Global Weapons Information System (GWIS) and TeleMed are two Los Alamos projects based upon the Common Object Request Broker Architecture (CORBA) technology. Other than the fact that they share a common infrastructure, these two applications seem entirely unrelated; one is a health care application while the other attempts to improve access to weapons information. Nevertheless, they share almost identical security requirements in terms of data integrity, authentication, and authorization and are attempting to share this common infrastructure.

This position paper will give a brief overview of the GWIS and TeleMed projects and outline the mutual security requirements, critical and optional, for these two systems. At the conference, we will discuss capabilities (or lack thereof) of existing and emerging Distributed Object Computing (DOC) security products that may help us meet our requirements. We will also present a vision of how these security products could be enhanced to better meet the needs of our particular application domains.

The goal of the GWIS project is to provide weapons designers at Los Alamos National Laboratory easy access to remote archived weapons data. This improved access will assist Science-Based Stockpile Stewardship (SBSS), the Advanced Strategic Computing Initiative (ASCI), and in general will aid in verifying the effectiveness of our existing weapons stockpile. We employ a traditional client/server architecture with Java applet clients connecting to Java or C++ servers. CORBA is the distributed computing infrastructure we have chosen primarily because it allows us to abstract away a lot of the difficulties in distributed computing (e.g., different platforms and languages, low-level RPC communication, etc.).

TeleMed is an intuitive patient-record system that supports image, audio, and graphical data.
It integrates complete patient records with detailed radiographic data and allows the remote sharing of patient and radiological data over networks. Physicians and radiologists in training can use TeleMed to learn to analyze specific diseases. TeleMed improves clinical diagnosis and treatment management and reduces the cost of health care by eliminating the time-consuming and costly activity of data gathering and by enabling easy use of powerful analysis tools.

Below, we list the requirements that are critical to the security system for these two projects.

1. Security must work with Java applet and/or application front-ends (clients) and C++ or Java back-ends (servers)
2. User authentication
3. Application-level authorization
4. Authorization on a per-object and per-method basis

The following requirements are desirable, but not critical.

5. Mutual authentication between clients and servers
6. Integrity of requests and responses
7. Confidentiality of requests and responses
8. Securing sensitive or classified files
9. Auditing (possibly a critical requirement)
10. Non-repudiation
11. Smart authorization

Most of these requirements will be met by full implementations (i.e., Levels 1 and 2 compliant) of CORBA Security. However, we are unaware of any current implementations of the security service that will work with the Java programming language (i.e., Requirement 1). Consequently, we are forced to use alternative tools to meet the various requirements.

Conclusion

Without the ability to use an implementation of CORBA Security, meeting our various security requirements involves piecing together several different tools to obtain a reasonable level of security. Some of these tools may be commercially available while others will need to be written in-house. Even after we have obtained a fully compliant implementation, we do not expect file security, non-repudiation, or smart authorization to be supported.
We hope that at least file security and non-repudiation are eventually integrated into the main security functionality of the specification. At the workshop, we will discuss our experiences with attempting to meet these requirements using existing or announced technologies. For more information, refer to http://blue.lanl.gov/~doak/security_report.html.