Authentication in distributed systems

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Authentication in distributed systems: theory and practice

Full text

Pdf (3.37 MB)

Source

ACM Transactions on Computer Systems (TOCS) archive
Volume 10 , Issue 4 (November 1992) table of contents

Pages: 265 - 310

Year of Publication: 1992

ISSN:0734-2071

Authors

Butler Lampson	Digital Equipment Corp., Palo Alto, CA
Martín Abadi	Digital Equipment Corp., Palo Alto, CA
Michael Burrows	Digital Equipment Corp., Palo Alto, CA
Edward Wobber	Digital Equipment Corp., Palo Alto, CA

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 92, Downloads (12 Months): 335, Citation Count: 90

Additional Information:

abstract references cited by index terms review collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/138873.138874 What is a DOI?

ABSTRACT

We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a “speaks for” relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegated authority. The theory shows how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed security mechanisms. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, program loading, delegation, access control, and revocation.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Martín Abadi , Michael Burrows , C. Kaufman , Butler W. Lampson, Authentication and Delegation with Smart-cards, Proceedings of the International Conference on Theoretical Aspects of Computer Software, p.326-345, September 24-27, 1991
	2	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993 [doi>10.1145/155183.155225]
	3	BIRRELL, A., LAMPSON, B., NEEDHAM, R., AND SCHROEDER, M. Global authentication without global trust. In Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif., May 1986), pp. 223-230.
	4	Michael Burrows , Martin Abadi , Roger Needham, A logic of authentication, ACM Transactions on Computer Systems (TOCS), v.8 n.1, p.18-36, Feb. 1990 [doi>10.1145/77648.77649]
	5	CCITT. Information Processmg Systems -- Open Systems Interconnectmn -- The Directory Authentication Framework. CCITT 1988 Recommendation X.509. Also ISO/IEC 9594-8:1989.
	6	P. G. Comba, Exponentiation cryptosystems on the IBM PC, IBM Systems Journal, v.29 n.4, p.526-538, 1990
	7	Don Davis , Ralph Swick, Network security via private-key certificates, ACM SIGOPS Operating Systems Review, v.24 n.4, p.64-67, Oct. 1990 [doi>10.1145/94574.94579]
	8	Dorothy E. Denning, A lattice model of secure information flow, Communications of the ACM, v.19 n.5, p.236-243, May 1976 [doi>10.1145/360051.360056]
	9	DEPARTMENT OF DEFENSE. Trusted Computer System Evaluation Criteria. DOD 5200.28- STD, 1985.
	10	DIFFIE, W. AND HELLMAN, M. New directions m cryptography. IEEE Trans. Inf. Theor. IT- 22, 6 (Nov. 1976), 644-654.
	11	EBERLE, H. AND THACKER, C. A i Gbit/second GaAs DES chip. In Proceedtngs of the IEEE 1992 Custom Integrated Circuit Conference (Boston, Mass., May 1992), pp. 19.7.1-19.7.4.
	12	GASSER, M., GOLDSTEIN, A., KAUFMAN, C., AND LAMPSON, B. The Digital distributed system security architecture. In Proceedings of the 12th National Computer Securzty Conference (Baltimore, Md., Oct. 1989), pp. 305-319.
	13	GASSER, M., AND MCDERMOTT, E. An architecture for practical delegation in a distributed system. In Proceedtngs of the IEEE Symposium on Securlty and Privacy (Oakland, Calif., May 1990), pp. 20-30.
	14	HERBISON, B. Low cost outboard cryptographic support for SILS and SP4. In Proceedings of the 13th Natwnal Computer Sec~rity Conference (Baltimore, Md., Oct. 1990), pp. 286-295.
	15	KOHL, J., NEUMAN, C., AND STEINER, J The Kerberos network authentication service. Version 5, draft 3, Project Athena, MIT, Cambridge, Mass., Oct. 1990.
	16	Butler W. Lampson, Protection, ACM SIGOPS Operating Systems Review, v.8 n.1, p.18-24, January 1974 [doi>10.1145/775265.775268]
	17	LINN, J. Practical authentication for distributed systems. Proceedings of the IEEE Symposium on Security and Privacy (Oakland, Calif., May 1990), pp. 31-40.
	18	NATIONAL BUREAU OF STANDARDS. Data Encryption Standard. FIPS Pub. 46, Jan. 1977.
	19	Roger M. Needham , Michael D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM, v.21 n.12, p.993-999, Dec. 1978 [doi>10.1145/359657.359659]
	20	NEUMAN, C. Proxy-based authorization and accounting for distributed systems. Tech. Rep. 91-02~01, University of Washington, Seattle, Wash., March 1991.
	21	R. L. Rivest , A. Shamir , L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, v.21 n.2, p.120-126, Feb. 1978 [doi>10.1145/359340.359342]
	22	Ronald L. Rivest, The MD4 Message Digest Algorithm, Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology, p.303-311, August 11-15, 1990
	23	RIVEST, R. AND DUSSE, S. The MD5 Message-DzgestAlgorzthm. Internet Draft {MD5-A}: draft-rsadsi-rivest-md5-01.txt, July 1991.
	24	J. H. Saltzer , D. P. Reed , D. D. Clark, End-to-end arguments in system design, ACM Transactions on Computer Systems (TOCS), v.2 n.4, p.277-288, Nov. 1984 [doi>10.1145/357401.357402]
	25	M. Shand , P. Bertin , J. Vuillemin, Hardware speedups in long integer multiplication, Proceedings of the second annual ACM symposium on Parallel algorithms and architectures, p.138-145, July 02-06, 1990, Island of Crete, Greece [doi>10.1145/97444.97679]
	26	STEINER, J., NEUMAN, C., AND SCHILLER, J. Kerberos: An authentication service for open network systems. In Proceedings of the Usen~x Winter Conference (Berkeley, Calif., Feb 1988), pp. 191-202.
	27	TARDO, J. AND ALAGAPPAN, K. SPX: Global authentication using public key certificates. Proceedings of the IEEE Symposium on Securzty and Prtvacy (Oakland, Calif., May 1991), pp. 232-244.
	28	Victor L. Voydock , Stephen T. Kent, Security Mechanisms in High-Level Network Protocols, ACM Computing Surveys (CSUR), v.15 n.2, p.135-171, June 1983 [doi>10.1145/356909.356913]

CITED BY 90

	Olga Pacheco , José Carmo, A Role Based Model for the Normative Specification of Organized Collective Agency and Agents Interaction, Autonomous Agents and Multi-Agent Systems, v.6 n.2, p.145-184, March 2003
	Dan S. Wallach , Andrew W. Appel , Edward W. Felten, SAFKASI: a security mechanism for language-based systems, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.4, p.341-378, Oct. 2000
	Andrew W. Appel , Edward W. Felten, Proof-carrying authentication, Proceedings of the 6th ACM conference on Computer and communications security, p.52-62, November 01-04, 1999, Kent Ridge Digital Labs, Singapore
	Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993
	Dahlia Malkhi , Michael Reiter, Byzantine quorum systems, Proceedings of the twenty-ninth annual ACM symposium on Theory of computing, p.569-578, May 04-06, 1997, El Paso, Texas, United States
	Martín Abadi , Cédric Fournet , Georges Gonthier, Authentication primitives and their compilation, Proceedings of the 27th ACM SIGPLAN-SIGACT symposium on Principles of programming languages, p.302-315, January 19-21, 2000, Boston, MA, USA
	Michael K. Reiter , Stuart G. Stubblebine, Authentication metric analysis and design, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.138-158, May 1999
	Edward Wobber , Martín Abadi , Michael Burrows , Butler Lampson, Authentication in the Taos operating system, ACM Transactions on Computer Systems (TOCS), v.12 n.1, p.3-32, Feb. 1994
	Birgit Pfitzmann, Sorting out signature schemes, Proceedings of the 1st ACM conference on Computer and communications security, p.74-85, November 03-05, 1993, Fairfax, Virginia, United States
	Anthony Harrington , Christian Jensen, Cryptographic access control in a distributed file system, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
	Daniel J. Essin, Patterns of trust and policy, Proceedings of the 1997 workshop on New security paradigms, p.38-47, September 23-26, 1997, Langdale, Cumbria, United Kingdom
	Michael K. Reiter , Matthew K. Franklin , John B. Lacy , Rebecca N. Wright, The Ω key management service, Proceedings of the 3rd ACM conference on Computer and communications security, p.38-47, March 14-15, 1996, New Delhi, India
	Trent Jaeger , Atul Prakash , Jochen Liedtke , Nayeem Islam, Flexible control of downloaded executable content, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.177-228, May 1999
	David Mazières , Michael Kaminsky , M. Frans Kaashoek , Emmett Witchel, Separating key management from file system security, ACM SIGOPS Operating Systems Review, v.33 n.5, p.124-139, Dec. 1999
	Ninghui Li , Benjamin N. Grosof , Joan Feigenbaum, Delegation logic: A logic-based approach to distributed authorization, ACM Transactions on Information and System Security (TISSEC), v.6 n.1, p.128-171, February 2003
	Yuh-Jong Hu, Some thoughts on agent trust and delegation, Proceedings of the fifth international conference on Autonomous agents, p.489-496, May 2001, Montreal, Quebec, Canada
	H. M. Gladney, Access control for large collections, ACM Transactions on Information Systems (TOIS), v.15 n.2, p.154-194, April 1997
	Stuart G. Stubblebine , Rebecca N. Wright, An authentication logic supporting synchronization, revocation, and recency, Proceedings of the 3rd ACM conference on Computer and communications security, p.95-105, March 14-15, 1996, New Delhi, India
	Pierangela Samarati , Michael K. Reiter , Sushil Jajodia, An authorization model for a public key management service, ACM Transactions on Information and System Security (TISSEC), v.4 n.4, p.453-482, November 2001
	George Coulouris , Jean Dollimore , Marcus Roberts, Role and task-based access control in the PerDiS groupware platform, Proceedings of the third ACM workshop on Role-based access control, p.115-121, October 22-23, 1998, Fairfax, Virginia, United States
	Andrew D. Gordon , Riccardo Pucella, Validating a Web service security abstraction by typing, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA
	Michael K. Reiter , Kenneth P. Birman , Robbert van Renesse, A security architecture for fault-tolerant systems, ACM Transactions on Computer Systems (TOCS), v.12 n.4, p.340-371, Nov. 1994
	George Coulouris , Jean Dollimore, Security requirements for cooperative work: a model and its system implications, Proceedings of the 6th workshop on ACM SIGOPS European workshop: Matching operating systems to application needs, September 12-14, 1994, Wadern, Germany
	Gennady Medvinsky , Charlie Lai , B. Clifford Neuman, Endorsements, licensing, and insurance for distributed system services, Proceedings of the 2nd ACM Conference on Computer and communications security, p.170-175, November 1994, Fairfax, Virginia, United States
	Michael K. Reiter , Stuart G. Stubblebine, Path independence for authentication in large-scale systems, Proceedings of the 4th ACM conference on Computer and communications security, p.57-66, April 01-04, 1997, Zurich, Switzerland
	Lidong Zhou , Fred B. Schneider , Robbert Van Renesse, COCA: A secure distributed online certification authority, ACM Transactions on Computer Systems (TOCS), v.20 n.4, p.329-368, November 2002
	David Lie Chandramohan Thekkath , Mark Mitchell , Patrick Lincoln , Dan Boneh , John Mitchell , Mark Horowitz, Architectural support for copy and tamper resistant software, ACM SIGARCH Computer Architecture News, v.28 n.5, p.168-177, Dec. 2000
	Shiu-Kai Chin, High-confidence design for security: don't trust—verify, Communications of the ACM, v.42 n.7, p.33-37, July 1999
	Stuart G. Stubblebine , Rebecca N. Wright, An Authentication Logic with Formal Semantics Supporting Synchronization, Revocation, and Recency, IEEE Transactions on Software Engineering, v.28 n.3, p.256-285, March 2002
	Michael K. Reiter , Kenneth P. Birman, How to securely replicate services, ACM Transactions on Programming Languages and Systems (TOPLAS), v.16 n.3, p.986-1009, May 1994
	Li Gong, Java Security: Present and Near Future, IEEE Micro, v.17 n.3, p.14-19, May 1997
	Leonard G. C. Hamey, Teaching secure communication protocols using a game representation, Proceedings of the fifth Australasian conference on Computing education, p.187-196, February 01, 2003, Adelaide, Australia
	Gerald Brose, Manageable access control for CORBA, Journal of Computer Security, v.10 n.4, p.301-337, December 2002
	David Lie , Chandramohan A. Thekkath , Mark Horowitz, Implementing an untrusted operating system on trusted hardware, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	Tal Garfinkel , Ben Pfaff , Jim Chow , Mendel Rosenblum , Dan Boneh, Terra: a virtual machine-based platform for trusted computing, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	Michael Kaminsky , George Savvides , David Mazieres , M. Frans Kaashoek, Decentralized user authentication in a global file system, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
	Mary R. Thompson , Abdelilah Essiari , Srilekha Mudumbai, Certificate-based authorization policy in a PKI environment, ACM Transactions on Information and System Security (TISSEC), v.6 n.4, p.566-588, November 2003
	Longhua Zhang , Gail-Joon Ahn , Bei-Tseng Chu, A rule-based framework for role-based delegation and revocation, ACM Transactions on Information and System Security (TISSEC), v.6 n.3, p.404-441, August 2003
	Yair Bartal , Alain Mayer , Kobbi Nissim , Avishai Wool, Firmato: A novel firewall management toolkit, ACM Transactions on Computer Systems (TOCS), v.22 n.4, p.381-420, November 2004
	Edward Wobber , Martín Abadi , Michael Burrows , Butler Lampson, Authentication in the Taos operating system, ACM SIGOPS Operating Systems Review, v.27 n.5, p.256-269, Dec. 1993
	Dahlia Malkhi , Michael K. Reiter, An Architecture for Survivable Coordination in Large Distributed Systems, IEEE Transactions on Knowledge and Data Engineering, v.12 n.2, p.187-202, March 2000
	Computer Security in the Real World, Computer, v.37 n.6, p.37-46, June 2004
	M. Benantar , R. Guski , K. M. Troidle, Access control systems: from host-centric to network-centric computing, IBM Systems Journal, v.35 n.1, p.94-112, January 1996
	Chang N. Zhang , Chunren Lai, A systematic approach for encryption and authentication with fault tolerance, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.45 n.2, p.143-154, 5 June 2004
	Henry M. Gladney, Trustworthy 100-year digital objects: Evidence after every witness is dead, ACM Transactions on Information Systems (TOIS), v.22 n.3, p.406-436, July 2004
	Dahlia Malkhi , Michael Reiter, Byzantine quorum systems, Distributed Computing, v.11 n.4, p.203-213, October 1998
	Dinah McNutt, Role-based System Administration or Who, What, Where, and How, Proceedings of the 7th USENIX conference on System administration, November 01-05, 1993, Monterey, California, USA
	Martín Abadi , Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering, v.22 n.1, p.6-15, January 1996
	Aviel D. Rubin , Daniel E. Geer Jr., A Survey of Web Security, Computer, v.31 n.9, p.34-41, September 1998
	Susan Older , Shiu-Kai Chin, Outcomes-based assessment as an assurance education tool, Security education and critical infrastructures, Kluwer Academic Publishers, Norwell, MA, 2003
	Michael K. Reiter, A Secure Group Membership Protocol, IEEE Transactions on Software Engineering, v.22 n.1, p.31-42, January 1996
	Paul England , Butler Lampson , John Manferdelli , Marcus Peinado , Bryan Willman, A Trusted Open Platform, Computer, v.36 n.7, p.55-62, July 2003
	Martín Abadi , Cédric Fournet, Private authentication, Theoretical Computer Science, v.322 n.3, p.427-476, 6 September 2004
	Ninghui Li , John C. Mitchell , William H. Winsborough, Beyond proof-of-compliance: security analysis in trust management, Journal of the ACM (JACM), v.52 n.3, p.474-514, May 2005
	Gang Yin , Huai-min Wang , Dian-xi Shi , Yan Jia , Meng Teng, A rule-based framework for role-based constrained delegation, Proceedings of the 3rd international conference on Information security, November 14-16, 2004, Shanghai, China
	Michael K. Reiter , Stuart G. Stubblebine, Resilient Authentication Using Path Independence, IEEE Transactions on Computers, v.47 n.12, p.1351-1362, December 1998
	Martín Abadi , Cédric Fournet , Georges Gonthier, Secure implementation of channel abstractions, Information and Computation, v.174 n.1, p.37-83, April 10, 2002
	Dominic Duggan, Type-based cryptographic operations, Journal of Computer Security, v.12 n.3,4, p.485-550, May 2004
	Martín Abadi , Boon Thau Loo, Towards a declarative language and system for secure networking, Proceedings of the 3rd USENIX international workshop on Networking meets databases, p.1-6, April 10, 2007, Cambridge, MA
	Mark S. Miller , James E. Donnelley , Alan H. Karp, Delegating responsibility in digital systems: Horton's "who done it?", Proceedings of the 2nd USENIX workshop on Hot topics in security, p.1-5, August 07, 2007, Boston, MA
	David Lai , Zhongwei Zhang, Network service sharing infrastructure: service authentication and authorization revocation, Proceedings of the 9th WSEAS International Conference on Communications, p.1-6, July 14-16, 2005, Athens, Greece
	José Carmo , Olga Pacheco, Deontic and Action Logics for Organized Collective Agency, Modeled through Institutionalized Agents and Roles, Fundamenta Informaticae, v.48 n.2-3, p.129-163, April 2001
	Martín Abadi , Andrew D. Gordon, A calculus for cryptographic protocols: the spi calculus, Proceedings of the 4th ACM conference on Computer and communications security, p.36-47, April 01-04, 1997, Zurich, Switzerland
	Jacob Y. Levy , Laurent Demailly , John K. Ousterhout , Brent B. Welch, The safe-Tcl security model, Proceedings of the Annual Technical Conference on USENIX Annual Technical Conference, 1998, p.23-23, June 15-19, 1998, New Orleans, Louisiana
	Klaas Sikkel, A group-based authorization model for cooperative systems, Proceedings of the fifth conference on European Conference on Computer-Supported Cooperative Work, p.345-360, September 07-11, 1997, Lancaster, UK
	Arne Helme , Tage Stabell-Kulø, Offline delegation, Proceedings of the 8th conference on USENIX Security Symposium, p.3-3, August 23-26, 1999, Washington, D.C.
	Martín Abadi , Andrew Birrell , Ted Wobber, Access control in a world of software diversity, Proceedings of the 10th conference on Hot Topics in Operating Systems, p.22-22, June 12-15, 2005, Santa Fe, NM
	Jon Howell , David Kotz, End-to-end authorization, Proceedings of the 4th conference on Symposium on Operating System Design & Implementation, p.11-11, October 22-25, 2000, San Diego, California
	Michael Kaminsky , Eric Peterson , Daniel B. Giffin , Kevin Fu , David Mazières , M. Frans Kaashoek, REX: secure, extensible remote execution, Proceedings of the USENIX Annual Technical Conference 2004 on USENIX Annual Technical Conference, p.16-16, June 27-July 02, 2004, Boston, MA
	Martín Abadi, Access Control in a Core Calculus of Dependency, Electronic Notes in Theoretical Computer Science (ENTCS), 172, p.5-31, April, 2007
	David Pym , Chris Tofts, Systems Modelling via Resources and Processes: Philosophy, Calculus, Semantics, and Logic, Electronic Notes in Theoretical Computer Science (ENTCS), 172, p.545-587, April, 2007
	Ted Wobber , Aydan Yumerefendi , Martín Abadi , Andrew Birrell , Daniel R. Simon, Authorizing applications in singularity, ACM SIGOPS Operating Systems Review, v.41 n.3, June 2007
	Thomas Y. C. Woo , Raghuram Bindignavle , Shaowen Su , Simon S. Lam, SNP: an interface for secure network programming, Proceedings of the USENIX Summer 1994 Technical Conference on USENIX Summer 1994 Technical Conference, p.4-4, June 06-10, 1994, Boston, Massachusetts
	Tage Stabell-Kulø , Ronny Arild , Per Harald Myrvang, Providing authentication to messages signed with a smart card in hostile environments, Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology, p.11-11, May 10-11, 1999, Chicago, Illinois
	Isaac Hollander , P. Rajaram , Constantin Tanno, Kerberos on wall street, Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, p.11-11, July 22-25, 1996, San Jose, California
	Martín Abadi, Access control in a core calculus of dependency, ACM SIGPLAN Notices, v.41 n.9, September 2006
	Julia Reznik , Tom Ritter , Rudolf Schreiner , Ulrich Lang, Model Driven Development of Security Aspects, Electronic Notes in Theoretical Computer Science (ENTCS), v.163 n.2, p.65-79, April, 2007
	Galen C. Hunt , James R. Larus, Singularity: rethinking the software stack, ACM SIGOPS Operating Systems Review, v.41 n.2, p.37-49, April 2007
	Arne Helme , Tage Stabell-Kulø, Security functions for a file repository, ACM SIGOPS Operating Systems Review, v.31 n.2, p.3-8, April 1997
	Chi-Chao Chang , Grzegorz Czajkowski , Chris Hawblitzel , Deyu Hu , Thorsten von Eicken, Security versus performance tradeoffs in RPC implementations for safe language systems, Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications, p.158-161, September 1998, Sintra, Portugal
	Andrea Bottoni , Gianluca Dini , Evangelos Kranakis, Credentials and Beliefs in Remote Trusted Platforms Attestation, Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks, p.662-667, June 26-29, 2006
	Keok Auyong , Chye-Lin Chee, Authentication services for computer networks and electronic messaging systems, ACM SIGOPS Operating Systems Review, v.31 n.3, p.3-15, July 1997
	Joseph Y. Halpern , Vicky Weissman, Using First-Order Logic to Reason about Policies, ACM Transactions on Information and System Security (TISSEC), v.11 n.4, p.1-41, July 2008
	Gabriele Lenzini , Mortaza S. Bargh , Bob Hulsebosch, Trust-enhanced Security in Location-based Adaptive Authentication, Electronic Notes in Theoretical Computer Science (ENTCS), v.197 n.2, p.105-119, February, 2008
	Tao Xie , Xiao Qin, Performance evaluation of a new scheduling algorithm for distributed systems with security heterogeneity, Journal of Parallel and Distributed Computing, v.67 n.10, p.1067-1081, October, 2007
	Byung-Gon Chun , Petros Maniatis , Scott Shenker , John Kubiatowicz, Tiered fault tolerance for long-term integrity, Proccedings of the 7th conference on File and stroage technologies, p.267-282, February 24-27, 2009, San Francisco, California
	Marty Humphrey , Sang-Min Park , Jun Feng , Norm Beekwilder , Glenn Wasson , Jason Hogg , Brian LaMacchia , Blair Dillaway, Fine-grained access control for GridFTP using SecPAL, Proceedings of the 8th IEEE/ACM International Conference on Grid Computing, p.217-225, September 19-21, 2007
	Mariano Ceccato , Mila Dalla Preda , Jasvir Nagra , Christian Collberg , Paolo Tonella, Trading-off security and performance in barrier slicing for remote software entrusting, Automated Software Engineering, v.16 n.2, p.235-261, June 2009
	Lujo Bauer , Limin Jia , Michael K. Reiter , David Swasey, xDomain: cross-border proofs of access, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
	Aditya Kanade , Amitabha Sanyal , Uday P. Khedker, Validation of GCC optimizers through trace generation, Software—Practice & Experience, v.39 n.6, p.611-639, April 2009

INDEX TERMS

Primary Classification:
D. Software
D.4 OPERATING SYSTEMS
D.4.6 Security and Protection
Subjects: Authentication

General Terms:
Security, Theory, Verification

Keywords:
certification authority, delegation, group, interprocess communication, key distribution, loading programs, path name, principal, role, secure channel, speaks for, trusted computing base

REVIEW

"Stanley A. Kurzban : Reviewer"

Although the use of distributed systems is growing rapidly, they have not yet come to dominate conventional business data processing. The authors usefully address a significant impediment to such domination: effective access control across dis more...

Collaborative Colleagues:

Butler Lampson: colleagues

Martín Abadi: colleagues

Michael Burrows: colleagues

Edward Wobber: colleagues

Adobe Acrobat

QuickTime

Windows Media Player

Real Player