Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term Common Object Request Broker Architecture (CORBA)

Training Camp • Cybersecurity Glossary

What is Common Object Request Broker Architecture (CORBA)?

It is OMG's middleware standard letting objects in different languages and platforms interoperate via an ORB and IDL — common in legacy enterprise systems.

Glossary > Application & API Security > Common Object Request Broker Architecture (CORBA)

Common Object Request Broker Architecture (CORBA) — It is OMG's middleware standard letting objects in different languages

Understanding Common Object Request Broker Architecture (CORBA)

Common Object Request Broker Architecture (CORBA) is a middleware standard from the Object Management Group (OMG) that lets software objects written in different languages and running on different platforms call one another. It addresses interoperability by abstracting location, language, and operating system behind a common object model and a broker that routes invocations.

It works through two core elements. An Interface Definition Language (IDL) defines each object's operations in a language-neutral contract, which is compiled into stubs (client side) and skeletons (server side) for languages like Java, C++, or Python. The Object Request Broker (ORB) is the runtime bus that locates the target object, marshals the request, transmits it — typically over IIOP, the Internet Inter-ORB Protocol on top of GIOP — invokes the method remotely, and returns the result, hiding the network from developers.

It matters for security because distributed object middleware widens the attack surface: remote invocations can expose unauthenticated methods, IIOP traffic may traverse untrusted networks, and legacy ORBs often predate modern hardening. The CORBA Security Service defines authentication, access control, message confidentiality and integrity, delegation, and audit; production deployments add transport encryption (SSL/TLS over IIOP) and strict access policies. Where CORBA lingers in legacy systems, unpatched ORBs and permissive firewall rules for IIOP ports are recurring risks.

For example, a global financial institution might use CORBA to connect a legacy mainframe ledger written in COBOL with newer Java-based distributed services. The IDL contract lets the Java client invoke mainframe operations as if they were local objects, the ORB handles cross-platform communication over IIOP, and the CORBA Security Service plus TLS enforce mutual authentication and encrypt sensitive transaction data crossing between the two environments.

Learn More About Common Object Request Broker Architecture (CORBA):

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →