How to use the Cherubim Demo

 

This document will outline how to use the Cherubim source code that you have downloaded.  For more information on the Cherubim architecture and the internal workings of this code, consult the Cherubim web site at http://choices.cs.uiuc.edu/Security/cherubim/.


Installation

This installation assumes that you have a working version of the Java Developers Kit or Java Runtime Environment version 1.1 already installed.  If you do not, consult the Javasoft web site at http://www.javasoft.com/.  Also, this demo has been written for Windows 95 or NT machines, though it is possible to modify it for Unix or other operating systems.
  1. Unzip the archive cherubim-demo.zip in the directory c:\.  This file contains all the code that makes up the Cherubim system.  This will create a directory cherubim-demo in the current directory with many files and subdirectories.  It is important that you unzip this file here because various parts of the orb and demo files rely on absolute pathnames starting with c:\cherubim-demo\.
  2. Unzip the archive JacORB_v0.8.zip also in the directory c:\.  This file contains all the JacORB files from version 0.8 that were used as a basis for the secure orb in the Cherubim system.  These files were not written by the Cherubim team; see the acknowledgments below.
  3. Download the IAIK JCE and iSaSiLk packages from their web site.  As of this writing, these were available from  http://jcewww.iaik.tu-graz.ac.at/download.html.  Be sure to download the iaik_jce_full.jar file, and the appropriate implementation of iSaSiLk for your platform.  These packages implement the cryptographic functionality of the Cherubim system.  Due to copyright and export restrictions we could not ship these packages with our system.
  4. Add the files jdk11x_update.jar, iaik_jce_full.jar (from the IAIK JCE distribution), and iaik_ssl.jar (from the iSaSiLk distribution) to the directory c:\cherubim-demo\IAIK.  The demo batch files depend on these files being in this place.

Web Chat Application Demonstration

  1. Open four MS-DOS prompts in directory c:\cherubim-demo\cherubim-code\basicdemo\.
  2. In one window, start the CORBA Name Server by running startns.bat.
  3. In another window, start the Security Policy Administrator by running admin.bat.
  4. Make a capability for yourself in the administrative GUI by typing component of Group1, user of any name, file extension of fin, and allowed operations of RegisterClient;SendMessage;RemoveClient (operations are listed like this, separated by semi-colons and without spaces), then hit the button New Capability then the Add button followed by Update Storage.
  5. In another window, start the Web Chat Server by running ChatServer.bat.
  6. Finally, in another window, start the Chat Client by running ChatGUI.bat <name> where <name> is the user name used in step 4 above.
  7. Now, you can play with the Web Chat system and send messages, etc.  You can open another window and create another user capability with the KickOutClient operation and remove other users from the system.  All users must have a RegisterClient capability for Group1, however.
  8. To shut down the system, you need only hit Control-C in all the windows.

Secure Orb Process Management Application Demonstration

  1. Open five MS-DOS prompts in directory c:\cherubim-demo\cherubim-code\securedemo\.
  2. In one window, start the CORBA Name Server by running startns.bat.
  3. In another window, start the Security Policy Administrator by running admin.bat.
  4. Make a capability for yourself in the administrative GUI by typing component of sysman, user of your user name on this computer, file extension of fin, and allowed operations of activate;execute;infoa then hit the button New Capability then the Add button followed by Update Storage.
  5. In another window, start the System Manager by running systemmanager.bat.
  6. In another window, start the Host Manager by running hostmanager.bat.
  7. Finally, in the last window start the user application by running userapp.bat.
  8. A GUI window will then pop up; enter darpa.host in the host box.
  9. Activate the host (under the hosts menu).
  10. Run a program by putting Launch.exe in the filename field, giving the process a name in the Process Name field (this can be anything), and a number in the Process ID field.  You can verify that this program is running (it doesn't do anything noticeable) by hitting Control-Alt-Delete and the program name will be in the task list there.
  11. Play around some more with the system.  You can create new capabilities in the administrative GUI by putting the new operations, hitting Add, Update Storage, then Send Capability.  The other operations available are killa, status, and load.  Other programs available are Spy.exe and Secure.exe.
  12. To shut down the system, you need only hit Control-C in all the windows.
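
As an added example (not part of the Cherubim distribution), this Python helper checks a capability entry from step 4 of either demo before it is typed into the administrative GUI: semicolon-separated operations with no spaces, operation names limited to those this document lists for Group1 and sysman, and RegisterClient present for Group1.  The function name and the case-sensitive matching of operation names are assumptions.

```python
# Added example: not part of the Cherubim code.
# Operation names per component are the ones this document lists.
KNOWN_OPS = {
    "Group1": {"RegisterClient", "SendMessage", "RemoveClient", "KickOutClient"},
    "sysman": {"activate", "execute", "infoa", "killa", "status", "load"},
}
# The chat demo requires every user to hold RegisterClient for Group1.
REQUIRED_OPS = {"Group1": {"RegisterClient"}}


def check_capability(component, user, operations):
    """Return a list of problems with one capability entry (empty list = OK)."""
    if component not in KNOWN_OPS:
        return [f"unknown component {component!r}"]
    problems = []
    if not user or user != user.strip():
        problems.append("user name is empty or has surrounding whitespace")
    if any(ch.isspace() for ch in operations):
        problems.append("operations field contains whitespace")
    ops = [op.strip() for op in operations.split(";")]
    if "" in ops:
        problems.append("empty operation (stray or trailing semicolon)")
    seen = set()
    for op in filter(None, ops):
        if op in seen:
            problems.append(f"duplicate operation {op!r}")
        elif op not in KNOWN_OPS[component]:
            # Case-sensitive matching is an assumption; point out near misses.
            hint = next((k for k in KNOWN_OPS[component]
                         if k.lower() == op.lower()), None)
            problems.append(f"unknown operation {op!r}"
                            + (f", did you mean {hint!r}?" if hint else ""))
        seen.add(op)
    for req in sorted(REQUIRED_OPS.get(component, ())):
        if req not in seen:
            problems.append(f"missing required operation {req!r}")
    return problems


if __name__ == "__main__":
    # Constructed sample entries, as they would be typed into the admin GUI.
    for entry in [("Group1", "alice", "RegisterClient;SendMessage;RemoveClient"),
                  ("Group1", "bob", "KickOutClient"),
                  ("sysman", "alice", "activate; Execute;")]:
        print(entry, "->", check_capability(*entry) or "OK")
```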

Secure Bootstrapping System Demonstration

  1. Start the Secure Orb Process Management Application as above up to running userapp.bat.  Do NOT start the user application.
  2. Open one more MS-DOS prompt for a total of six.
  3. In one of the windows, start the Home Agent by running homeagent.bat.
  4. In the final window, bootstrap the user application by running bootuserapp.bat.  This version of the user application is missing a necessary class, but it knows how to securely go over the (localhost) network to get it from the Home Agent.
  5. When prompted for a passphrase, just hit <ENTER>.
  6. You can now run the rest of the Secure Orb Demonstration above.

Troubleshooting

Here are some common problems with the demonstrations above and how to fix them:

Acknowledgments

The Security Policy Representation Framework used in the Cherubim system was developed by Tim Fraiser.  For more information on this framework, see the Cherubim home page.

The Secure Orb that is the basis for the Cherubim system is a modified version of JacORB by Gerald Brose.  This is a full-featured implementation of the CORBA standard in Java.  For more information on JacORB, consult its home page at: http://www.inf.fu-berlin.de/~brose/jacorb/.

Also, the cherubim.util.RawKey and RawSecretKey classes were taken from the Cryptix-Java free Java cryptography package developed by the Cryptix Development Team.  The development team was also helpful in designing the Cherubim core security services API and implementation.  More information on the Cryptix effort can be found on their web page at: http://www.systemics.com/software/cryptix-java/.

Finally, the IAIK implementation of the Java Cryptographic Architecture and Java Secure Sockets Layer was developed by the Institute for Applied Information Processing and Communications, Graz University of Technology.  More information can be found on their web site at http://www.iaik.tu-graz.ac.at/.


This document last modified 7 Jul 98 by Chuck Willis.