ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Authentication in the Taos operating system
Full text PdfPdf (1.88 MB)
Source ACM Transactions on Computer Systems (TOCS) archive
Volume 12 ,  Issue 1  (February 1994) table of contents
Special issue on operating systems principles
Pages: 3 - 32  
Year of Publication: 1994
ISSN:0734-2071
Authors
Edward Wobber  Digital Equipment Corp., Palo Alto, CA
Martín Abadi  Digital Equipment Corp., Palo Alto, CA
Michael Burrows  Digital Equipment Corp., Palo Alto, CA
Butler Lampson  Digital Equipment Corp., Palo Alto, CA
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 13,   Downloads (12 Months): 84,   Citation Count: 32
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/174613.174614
What is a DOI?

ABSTRACT

We describe a design for security in a distributed system and its implementation. In our design, applications gain access to security services through a narrow interface. This interface provides a notion of identity that includes simple principals, groups, roles, and delegations. A new operating system component manages principals, credentials, and secure channels. It checks credentials according to the formal rules of a logic of authentication. Our implementation is efficient enough to support a substantial user community.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
M. Abadi , M. Burrows , C. Kaufman , B. Lampson, Authentication and delegation with smart-cards, Science of Computer Programming, v.21 n.2, p.93-113, Oct. 1993
2
Martín Abadi , Michael Burrows , Butler Lampson , Gordon Plotkin, A calculus for access control in distributed systems, ACM Transactions on Programming Languages and Systems (TOPLAS), v.15 n.4, p.706-734, Sept. 1993  [doi>10.1145/155183.155225]
 
3
BIRRELL, A., HISGEN, A., JERIAN, C., MANN, T., AND SWART, G. 1993. The Echo distributed file system. Rep. 111, Systems Research Center, Digital Equipment Corp., Palo Alto, Calif.
 
4
CCITT. 1988. Information processing systems Open systems interconnection--The directory authentication framework. CCITT 1988 Recommendation X.509, Geneva, Switzerland.
 
5
EBERLE, a. AND THACKER, C. 1992. A 1 Gbit/seeond GaAs DES chip. In Proceedings of the IEEE Custom Integrated Circuit Conference. IEEE, New York, 19.7.1 19.7.4.
 
6
GASSER, M., GOLDSTEIN, A., KAUFMAN, C., ~D LAMPSON, B. 1989. The Digital distributed system security architecture., In Proceedings of the 12th National Computer Security Conference. NIST/NCSC, 305 319.
 
7
HERBISON, B. 1990. Low cost outboard cryptographic support for SILS and SP4. In Proceed~ ings of the 13th National Computer Security Conference. NIST/NCSC, 286-295.
 
8
Donald E. Knuth, The art of computer programming, volume 3: (2nd ed.) sorting and searching, Addison Wesley Longman Publishing Co., Inc., Redwood City, CA, 1998
9
Butler W. Lampson, Protection, ACM SIGOPS Operating Systems Review, v.8 n.1, p.18-24, January 1974  [doi>10.1145/775265.775268]
10
Butler Lampson , Martín Abadi , Michael Burrows , Edward Wobber, Authentication in distributed systems: theory and practice, ACM Transactions on Computer Systems (TOCS), v.10 n.4, p.265-310, Nov. 1992  [doi>10.1145/138873.138874]
 
11
NATIONAL BUREAU OF STANDARDS. 1977. Data Encryption Standard. FIPS Pub. 46, Washington, D.C.
 
12
Roger M. Needham, Cryptography and secure channels, Distributed systems (2nd Ed.), ACM Press/Addison-Wesley Publishing Co., New York, NY, 1993
 
13
CORPORATE Open Software Foundation, Introduction to OSF DCE (rev. 1.0), Prentice-Hall, Inc., Upper Saddle River, NJ, 1992
 
14
QUISQUATER, J.-J., DE WALEFFE, D., AND BOURNAS, J.-P. 1991. Corsair: A chip card with fast RSA capability, tn Smart Card 2000. Elsevier, New York, 199 206.
 
15
Ronald L. Rivest, The MD4 Message Digest Algorithm, Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology, p.303-311, August 11-15, 1990
16
R. L. Rivest , A. Shamir , L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Communications of the ACM, v.21 n.2, p.120-126, Feb. 1978  [doi>10.1145/359340.359342]
17
Michael D. Schroeder , Michael Burrows, Performance of the Firefly RPC, ACM Transactions on Computer Systems (TOCS), v.8 n.1, p.1-17, Feb. 1990  [doi>10.1145/77648.77653]
 
18
SHAND, M., AND VUILLEMIN, J 1993. Fast implementations of RSA cryptography In the 11 Symposium on Computer Amthmetzc. IEEE Computer Socmty, Washington, D C
 
19
STEINER, J., NEUMAN, C., AND SCHILLER, J. 1988. Kerberos: An authentication servme for open network systems. In Proceedings of the USNIX Winter Conference (1988). USNIX Association, Berkeley, Calif., 191 202.
 
20
Charles P. Thacker , Lawrence C. Stewart , Edwin H. Satterthwaite, Jr., Firefly: A Multiprocessor Workstation, IEEE Transactions on Computers, v.37 n.8, p.909-920, August 1988  [doi>10.1109/12.2243]

CITED BY  32
Trent Jaeger , Atul Prakash, Requirements of role-based access control for collaborative systems, Proceedings of the first ACM Workshop on Role-based access control, p.16-es, November 30-December 02, 1995, Gaithersburg, Maryland, United States
Chandramohan A. Thekkath , Timothy Mann , Edward K. Lee, Frangipani: a scalable distributed file system, ACM SIGOPS Operating Systems Review, v.31 n.5, p.224-237, Dec. 1997
David Mazières , Michael Kaminsky , M. Frans Kaashoek , Emmett Witchel, Separating key management from file system security, ACM SIGOPS Operating Systems Review, v.33 n.5, p.124-139, Dec. 1999
Dan S. Wallach , Dirk Balfanz , Drew Dean , Edward W. Felten, Extensible security architectures for Java, ACM SIGOPS Operating Systems Review, v.31 n.5, p.116-128, Dec. 1997
Dan S. Wallach , Andrew W. Appel , Edward W. Felten, SAFKASI: a security mechanism for language-based systems, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.4, p.341-378, Oct. 2000
Andrew D. Gordon , Riccardo Pucella, Validating a Web service security abstraction by typing, Proceedings of the 2002 ACM workshop on XML security, November 22-22, 2002, Fairfax, VA
Trent Jaeger , Atul Prakash , Jochen Liedtke , Nayeem Islam, Flexible control of downloaded executable content, ACM Transactions on Information and System Security (TISSEC), v.2 n.2, p.177-228, May 1999
Sabrina De Capitani di Vimercati , Pierangela Samarati, Access control in federated systems, Proceedings of the 1996 workshop on New security paradigms, p.87-99, September 17-20, 1996, Lake Arrowhead, California, United States
Michael Kaminsky , George Savvides , David Mazieres , M. Frans Kaashoek, Decentralized user authentication in a global file system, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
Tal Garfinkel , Ben Pfaff , Jim Chow , Mendel Rosenblum , Dan Boneh, Terra: a virtual machine-based platform for trusted computing, Proceedings of the nineteenth ACM symposium on Operating systems principles, October 19-22, 2003, Bolton Landing, NY, USA
Trent Jaeger , Frederique Giraud , Nayeem Islam , Jochen Liedtke, A role-based access control model for protection domain derivation and management, Proceedings of the second ACM workshop on Role-based access control, p.95-106, November 06-07, 1997, Fairfax, Virginia, United States
Computer Security in the Real World, Computer, v.37 n.6, p.37-46, June 2004
Martín Abadi , Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering, v.22 n.1, p.6-15, January 1996
Susan Older , Shiu-Kai Chin, Outcomes-based assessment as an assurance education tool, Security education and critical infrastructures, Kluwer Academic Publishers, Norwell, MA, 2003
Anthony Harrington , Christian Jensen, Cryptographic access control in a distributed file system, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Nataraj Nagaratnam , Doug Lea, Secure delegation for distributed object environments, Proceedings of the 4th conference on USENIX Conference on Object-Oriented Technologies and Systems (COOTS), p.8-8, April 27-30, 1998, Santa Fe, New Mexico
Angelos D. Keromytis , Jonathan M. Smith, Requirements for scalable access control and security management architectures, ACM Transactions on Internet Technology (TOIT), v.7 n.2, p.8-es, May 2007
Tal Garfinkel , Mendel Rosenblum , Dan Boneh, Flexible OS support and applications for trusted computing, Proceedings of the 9th conference on Hot Topics in Operating Systems, p.25-25, May 18-21, 2003, Lihue, Hawaii
Martín Abadi , Andrew Birrell , Ted Wobber, Access control in a world of software diversity, Proceedings of the 10th conference on Hot Topics in Operating Systems, p.22-22, June 12-15, 2005, Santa Fe, NM
Ian Goldberg , Steven D. Gribble , David Wagner , Eric A. Brewer, The Ninja jukebox, Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems, p.4-4, October 11-14, 1999, Boulder, Colorado
Jon Howell , David Kotz, End-to-end authorization, Proceedings of the 4th conference on Symposium on Operating System Design & Implementation, p.11-11, October 22-25, 2000, San Diego, California
Michael Kaminsky , Eric Peterson , Daniel B. Giffin , Kevin Fu , David Mazières , M. Frans Kaashoek, REX: secure, extensible remote execution, Proceedings of the USENIX Annual Technical Conference 2004 on USENIX Annual Technical Conference, p.16-16, June 27-July 02, 2004, Boston, MA
Martín Abadi, Access Control in a Core Calculus of Dependency, Electronic Notes in Theoretical Computer Science (ENTCS), 172, p.5-31, April, 2007
Ted Wobber , Aydan Yumerefendi , Martín Abadi , Andrew Birrell , Daniel R. Simon, Authorizing applications in singularity, ACM SIGOPS Operating Systems Review, v.41 n.3, June 2007
Martín Abadi, Access control in a core calculus of dependency, ACM SIGPLAN Notices, v.41 n.9, September 2006
Trent Jaeger , Aviel D. Rubin , Atul Prakash, Building systems that flexibly control downloaded executable context, Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, p.14-14, July 22-25, 1996, San Jose, California
Trent Jaeger , Jochen Liedtke , Nayeem Islam, Operating system protection for fine-grained programs, Proceedings of the 7th conference on USENIX Security Symposium, 1998, p.11-11, January 26-29, 1998, San Antonio, Texas
Galen C. Hunt , James R. Larus, Singularity: rethinking the software stack, ACM SIGOPS Operating Systems Review, v.41 n.2, p.37-49, April 2007
Andrea Bottoni , Gianluca Dini , Evangelos Kranakis, Credentials and Beliefs in Remote Trusted Platforms Attestation, Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks, p.662-667, June 26-29, 2006
Nickolai Zeldovich , Silas Boyd-Wickizer , David Mazières, Securing distributed systems with information flow control, Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation, p.293-308, April 16-18, 2008, San Francisco, California
Limin Jia , Jeffrey A. Vaughan , Karl Mazurak , Jianzhou Zhao , Luke Zarko , Joseph Schorr , Steve Zdancewic, AURA: a programming language for authorization and audit, ACM SIGPLAN Notices, v.43 n.9, September 2008
Prince Mahajan , Ramakrishna Kotla , Catherine C. Marshall , Venugopalan Ramasubramanian , Thomas L. Rodeheffer , Douglas B. Terry , Ted Wobber, Effective and efficient compromise recovery for weakly consistent replication, Proceedings of the fourth ACM european conference on Computer systems, April 01-03, 2009, Nuremberg, Germany

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Authentication

Additional Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS

  D. Software
  D.4 OPERATING SYSTEMS
      D.4.6 Security and Protection
          Subjects: Access controls


General Terms:
Design, Security, Theory


Keywords:
cryptography, mathematical logic


REVIEW

"Jonathan K. Millen : Reviewer"

In a 1992 paper in the same journal [1], a permutation of these authors introduced the concepts applied in this paper. The problem addressed in both papers is discretionary, or identity-based, access control in a distributed system  more...

Collaborative Colleagues:
Edward Wobber: colleagues
Martín Abadi: colleagues
Michael Burrows: colleagues
Butler Lampson: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player