ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
Integrating security in a large distributed system
Full text PdfPdf (2.90 MB)
Source ACM Transactions on Computer Systems (TOCS) archive
Volume 7 ,  Issue 3  (August 1989) table of contents
Pages: 247 - 280  
Year of Publication: 1989
ISSN:0734-2071
Author
M. Satyanarayanan  Carnegie-Mellon Univ., Pittsburgh, PA
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 7,   Downloads (12 Months): 100,   Citation Count: 48
Additional Information:

abstract   references   cited by   index terms   review   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/65000.65002
What is a DOI?

ABSTRACT

Andrew is a distributed computing environment that is a synthesis of the personal computing and timesharing paradigms. When mature, it is expected to encompass over 5,000 workstations spanning the Carnegie Mellon University campus. This paper examines the security issues that arise in such an environment and describes the mechanisms that have been developed to address them. These mechanisms include the logical and physical separation of servers and clients, support for secure communication at the remote procedure call level, a distributed authentication service, a file-protection scheme that combines access lists with UNIX mode bits, and the use of encryption as a basic building block. The paper also discusses the assumptions underlying security in Andrew and analyzes the vulnerability of the system. Usage experience reveals that resource control, particularly of workstation CPU cycles, is more important than originally anticipated and that the mechanisms available to address this issue are rudimentary.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
ACCETTA, M. J., ROBERTSON, G. G., SATYANARAYANAN, M., AND THOMPSON, M. The design of a network-based central file system. Tech. Rep. CMU-CS-80-134, Dept. of Computer Science, Carnegie Mellon Univ., Pittsburgh, Pa., Aug. 1980.
 
2
ADVANCED MICRO DEVICES. MOS Microprocessors and Peripherals, 1985.
3
Andrew D. Birrell , Roy Levin , Michael D. Schroeder , Roger M. Needham, Grapevine: an exercise in distributed computing, Communications of the ACM, v.25 n.4, p.260-274, April 1982  [doi>10.1145/358468.358487]
4
Andrew D. Birrell, Secure communication using remote procedure calls, ACM Transactions on Computer Systems (TOCS), v.3 n.1, p.1-14, Feb. 1985  [doi>10.1145/214451.214452]
 
5
BURROWS, M. L., ABADI, M., AND NEEDHAM, R.N. A logic of authentication. Tech. Rep. 39, Digital Equipment Corporation, Systems Research Center, Palo Alto, Calif., Feb. 1989.
6
David R. Cheriton , Willy Zwaenepoel, The distributed V kernel and its performance for diskless workstations, Proceedings of the ninth ACM symposium on Operating systems principles, p.129-140, October 10-13, 1983, Bretton Woods, New Hampshire, United States
 
7
CRUMLEY, P. TRADMYBD: Data Encryption Adapter Technical Reference Manual and Programmers' Guide, Version 0.20. Tech. Rep. CMU-ITC-059, Information Technology Center, Carnegie Mellon Univ., Pittsburgh, Pa., Dec. 1986.
 
8
Roger Berry Dannenberg, Resource sharing in a network of personal computers, 1982
 
9
DIFFIE, W., AND HELLMAN, M.E. Privacy and authentication: An introduction to cryptography. Proc. IEEE 67, 3 (Mar. 1979), 397-427.
 
10
DoD. Trusted Computer System Evaluation Criteria. CSC-STD-001-83, Dept. of Defense, Computer Security Center, 1985.
 
11
FERNANDEZ, G., AND ALLEN, L. Extending the UNIX protection model with access control lists. In Usenix Conference Proceedings (Summer, 1988).
 
12
GRAMPP, F. T., AND MORRIS, R.H. Unix operating system security. Bell Lab. Tech. J. 63, 8 (Oct. 1984), 1649-1672.
13
John H. Howard , Michael L. Kazar , Sherri G. Menees , David A. Nichols , M. Satyanarayanan , Robert N. Sidebotham , Michael J. West, Scale and performance in a distributed file system, ACM Transactions on Computer Systems (TOCS), v.6 n.1, p.51-81, Feb. 1988  [doi>10.1145/35037.35059]
 
14
IBM. IBM 4700 Personal Computer Financial Security Adapter: Guide to Operations. No. 6024361, IBM Corp., 1985.
 
15
IBM. IBM 4700 Personal Computer Financial Security Adapter: Microcode Users Guide. No. 6024362, IBM Corp., 1985.
 
16
Anita Katherine Jones, Protection in programmed systems., 1973
 
17
JONES, A. K., AND WULF, W.A. Towards the design of secure systems. Softw. Pract. Exper. 5 (1975), 321-336.
18
Butler W. Lampson, A note on the confinement problem, Communications of the ACM, v.16 n.10, p.613-615, Oct. 1973  [doi>10.1145/362375.362389]
19
Edward D. Lazowska , John Zahorjan , David R. Cheriton , Willy Zwaenepoel, File access performance of diskless workstations, ACM Transactions on Computer Systems (TOCS), v.4 n.3, p.238-268, Aug. 1986  [doi>10.1145/6420.6423]
 
20
MEYER, C. H., AND MATYAS, S.M. Cryptography: A New Dimension in Computer Data Security. John Wiley, New York, 1982.
21
James H. Morris , Mahadev Satyanarayanan , Michael H. Conner , John H. Howard , David S. Rosenthal , F. Donelson Smith, Andrew: a distributed personal computing environment, Communications of the ACM, v.29 n.3, p.184-201, March 1986  [doi>10.1145/5666.5671]
22
Roger M. Needham , Michael D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM, v.21 n.12, p.993-999, Dec. 1978  [doi>10.1145/359657.359659]
23
D. Nichols, Using idle workstations in a shared computing environment, Proceedings of the eleventh ACM Symposium on Operating systems principles, p.5-12, November 08-11, 1987, Austin, Texas, United States
 
24
RABIN, M. O., AND TYOAR, J.D. An integrated toolkit for operating system security. Tech. Rep. TR-05-87, Aiken Computation Lab., Harvard Univ., Cambridge, Mass., May 1987.
25
Jerome H. Saltzer, Protection and the control of information sharing in multics, Communications of the ACM, v.17 n.7, p.388-402, July 1974  [doi>10.1145/361011.361067]
 
26
SATYANARAYANAN, M. Users, groups and access lists: An implementor's guide. Tech. Rep. CMU-ITC-84-005, Information Technology Center, Carnegie Mellon Univ., Pittsburgh, Pa., Aug. 1984.
27
M. Satyanarayanan , John H. Howard , David A. Nichols , Robert N. Sidebotham , Alfred Z. Spector , Michael J. West, The ITC distributed file system: principles and design, Proceedings of the tenth ACM symposium on Operating systems principles, p.35-50, December 1985, Orcas Island, Washington, United States
 
28
SATYANARAYANAN, M. RPC2 User Manual. Tech. Rep. CMU-ITC-84-038, Information Technology Center, Carnegie Mellon Univ., Pittsburgh, Pa., 1986 (revised).
 
29
SIDEBOTHAM, R.N. Volumes: The Andrew file system data structuring primitive. In European Unix User Group Conference Proceedings (Aug. 1986). Also available as Tech. Rep. CMU-ITC- 053, Information Technology Center, Carnegie Mellon Univ., Pittsburgh, Pa., 1986.
 
30
SPECTOR, A. Z., AND KAZAR, M.L. Wide area file service and the AFS experimental system. Unix Rev. 7, 3 (Mar. 1989).
 
31
STEINER, J. G., NEUMAN, C., AND SCHILLER, J.i. Kerberos: An authentication service for open network systems. In Usenix Conference Proceedings (Winter, 1988).
 
32
TAYLOR, B. Secure networking in the Sun environment. In Usenix Conference Proceedings (Atlanta, Ga., Summer, 1986).
 
33
TAYLOR, B. A framework for network security. Sun Technology 1, 2 (Spring 1988).
 
34
U.S. DEPARTMENT OF COMMERCE, N.B.S., Data Encryption Standard. 1977. Federal Information Processing Standards Publication, FIPS PUB 46.
35
Victor L. Voydock , Stephen T. Kent, Security Mechanisms in High-Level Network Protocols, ACM Computing Surveys (CSUR), v.15 n.2, p.135-171, June 1983  [doi>10.1145/356909.356913]
 
36
WESTERN DIGITAL CORP. Data Communication Products Handbook, 1985.
 
37
WULF, W. A., LEVIN, R., AND HARBISON, S.P. HYDRA/C.mmp: An Experimental Computer System. McGraw-Hill, New York, 1981.
 
38
ZAYAS, E.R. Administrative cells: Proposal for cooperative Andrew file systems. Tech. Rep. CMU-ITC-060, Information Technology Center, Carnegie Mellon Univ., Pittsburgh, Pa., June, 1987.

CITED BY  48
Elisa Bertino , Pierangela Samarati , Sushil Jajodia, An Extended Authorization Model for Relational Databases, IEEE Transactions on Knowledge and Data Engineering, v.9 n.1, p.85-101, January 1997
M. Burrows , M. Abadi , R. Needham, A logic of authentication, ACM SIGOPS Operating Systems Review, v.23 n.5, p.1-13, Dec. 3–6, 1989
Mirjana Spasojevic , M. Satyanarayanan, An empirical study of a wide-area distributed file system, ACM Transactions on Computer Systems (TOCS), v.14 n.2, p.200-222, May 1996
M. Satyanarayanan , Mirjana Spasojevic, AFS and the web: competitors or collaborators?, Proceedings of the 7th workshop on ACM SIGOPS European workshop: Systems support for worldwide applications, September 09-11, 1996, Connemara, Ireland
Eliezer Levy , Abraham Silberschatz, Distributed file systems: concepts and examples, ACM Computing Surveys (CSUR), v.22 n.4, p.321-374, Dec. 1990
Geng-Sheng Kuo , Jing-Pei Lin, New design concepts for an intelligent Internet, Communications of the ACM, v.41 n.11, p.93-98, Nov. 1998
Michael Burrows , Martin Abadi , Roger Needham, A logic of authentication, ACM Transactions on Computer Systems (TOCS), v.8 n.1, p.18-36, Feb. 1990
David Mazières , Michael Kaminsky , M. Frans Kaashoek , Emmett Witchel, Separating key management from file system security, ACM SIGOPS Operating Systems Review, v.33 n.5, p.124-139, Dec. 1999
Michael D. Dahlin , Clifford J. Mather , Randolph Y. Wang , Thomas E. Anderson , David A. Patterson, A quantitative analysis of cache policies for scalable network file systems, ACM SIGMETRICS Performance Evaluation Review, v.22 n.1, p.150-160, May 1994
Thorsten Hampel , Reinhard Keil-Slawik, sTeam - Designing an integrative infrastructure for Web-based computer-supported cooperative learning, Proceedings of the 10th international conference on World Wide Web, p.76-85, May 01-05, 2001, Hong Kong, Hong Kong
Woei-Jiunn Tsaur , Shi-Jinn Horng, Auditing Causal Relationships of Group Multicast Communications in Group-Oriented Distributed Systems, The Journal of Supercomputing, v.18 n.1, p.25-45, Jan. 2001
Trent Jaeger , Atul Prakash, Support for the file system security requirements of computational E-mail systems, Proceedings of the 2nd ACM Conference on Computer and communications security, p.1-9, November 1994, Fairfax, Virginia, United States
sTeam: structuring information in team-distributed knowledge management in cooperative learning environments, Journal on Educational Resources in Computing (JERIC), v.1 n.2es, Summer 2001
Anthony Harrington , Christian Jensen, Cryptographic access control in a distributed file system, Proceedings of the eighth ACM symposium on Access control models and technologies, June 02-03, 2003, Como, Italy
Steven J. Greenwald, A new security policy for distributed resource management and access control, Proceedings of the 1996 workshop on New security paradigms, p.74-86, September 17-20, 1996, Lake Arrowhead, California, United States
Antonio Durante , Riccardo Focardi , Roberto Gorrieri, A compiler for analyzing cryptographic protocols using noninterference, ACM Transactions on Software Engineering and Methodology (TOSEM), v.9 n.4, p.488-528, Oct. 2000
Elisa Bertino , Sushil Jajodia , Pierangela Samarati, A flexible authorization mechanism for relational data management systems, ACM Transactions on Information Systems (TOIS), v.17 n.2, p.101-140, April 1999
Mahadev Satyanarayanan , James J. Kistler , Puneet Kumar , Maria E. Okasaki , Ellen H. Siegel , David C. Steere, Coda: A Highly Available File System for a Distributed Workstation Environment, IEEE Transactions on Computers, v.39 n.4, p.447-459, April 1990
Patrícia Gomes Soares, On remote procedure call, Proceedings of the 1992 conference of the Centre for Advanced Studies on Collaborative research, November 09-12, 1992, Toronto, Ontario, Canada
Karthikeyan Bhargavan , Cédric Fournet , Andrew D. Gordon, A semantics for web services authentication, ACM SIGPLAN Notices, v.39 n.1, p.198-209, January 2004
M. Satyanarayanan , David C. Steere , Masashi Kudo , Hank Mashburn, Transparent logging as a technique for debugging complex distributed systems, Proceedings of the 5th workshop on ACM SIGOPS European workshop: Models and paradigms for distributed systems structuring, September 21-23, 1992, Mont Saint-Michel, France
Elisa Bertino , Sushil Jajodia , Pierangela Samarati, A non-timestamped authorization model for data management systems, Proceedings of the 3rd ACM conference on Computer and communications security, p.169-178, March 14-15, 1996, New Delhi, India
Edward D. Lazowska, Recent trends in experimental operating systems research, Proceedings of the twelfth annual ACM symposium on Principles of distributed computing, p.13-19, August 15-18, 1993, Ithaca, New York, United States
M. Satyanarayanan, Roger Needham, 1935-2003, IEEE Pervasive Computing, v.2 n.2, p.2-3, April 2003
Mahadev Satyanarayanan, The Influence of Scale on Distributed File System Design, IEEE Transactions on Software Engineering, v.18 n.1, p.1-8, January 1992
Mahadev Satyanarayanan, Scalable, Secure, and Highly Available Distributed File Access, Computer, v.23 n.5, p.9-18, 20-21, May 1990
Michael M. Swift , Anne Hopkins , Peter Brundrett , Cliff Van Dyke , Praerit Garg , Shannon Chan , Mario Goertzel , Gregory Jensenworth, Improving the granularity of access control for Windows 2000, ACM Transactions on Information and System Security (TISSEC), v.5 n.4, p.398-437, November 2002
Vishal Kher , Yongdae Kim, Securing distributed storage: challenges, techniques, and systems, Proceedings of the 2005 ACM workshop on Storage security and survivability, November 11-11, 2005, Fairfax, VA, USA
Mark D. Corner , Brian D. Noble, Zero-interaction authentication, Proceedings of the 8th annual international conference on Mobile computing and networking, September 23-28, 2002, Atlanta, Georgia, USA
Chiara Bodei , Mikael Buchholtz , Pierpaolo Degano , Flemming Nielson , Hanne Riis Nielson, Static validation of security protocols, Journal of Computer Security, v.13 n.3, p.347-390, May 2005
Li Gong , Xiaolei Qian, Computational Issues in Secure Interoperation, IEEE Transactions on Software Engineering, v.22 n.1, p.43-52, January 1996
Brijesh Kumar, Integration of security in network routing protocols, ACM SIGSAC Review, v.11 n.2, p.18-25, Spring 1993
Mark D. Corner , Brian D. Noble, Protecting file systems with transient authentication, Wireless Networks, v.11 n.1-2, p.7-19, January 2005
Karthikeyan Bhargavan , Cédric Fournet , Andrew D. Gordon, A semantics for web services authentication, Theoretical Computer Science, v.340 n.1, p.102-153, 13 June 2005
Klaas Sikkel, A group-based authorization model for cooperative systems, Proceedings of the fifth conference on European Conference on Computer-Supported Cooperative Work, p.345-360, September 07-11, 1997, Lancaster, UK
Jude T. Regan , Christian D. Jensen, Capability file names: separating authorisation from user management in an internet file system, Proceedings of the 10th conference on USENIX Security Symposium, p.17-17, August 13-17, 2001, Washington, D.C.
Trent Jaeger , Aviel D. Rubin , Atul Prakash, Building systems that flexibly control downloaded executable context, Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography, p.14-14, July 22-25, 1996, San Jose, California
Mirjana Spasojevic , M. Satyanarayanan, A usage profile and evaluation of a wide-area distributed file system, Proceedings of the USENIX Winter 1994 Technical Conference on USENIX Winter 1994 Technical Conference, p.24-24, January 17-21, 1994, San Francisco, California
Alessandro Forin , Gerald R. Malan, An MS-DOS file system for UNIX, Proceedings of the USENIX Winter 1994 Technical Conference on USENIX Winter 1994 Technical Conference, p.26-26, January 17-21, 1994, San Francisco, California
Jude T. Regan , Christian D. Jensen, Capability file names: separating authorisation from user management in an internet file system, Proceedings of the 10th conference on USENIX Security Symposium, p.17-17, August 13-17, 2001, Washington, D.C.
Véronique Cortier , Stéphanie Delaune , Pascal Lafourcade, A survey of algebraic properties used in cryptographic protocols, Journal of Computer Security, v.14 n.1, p.1-43, January 2006
M. Satyanarayanan , Mirjana Spasojevic, AFS and the Web: competitors or collaborators?, ACM SIGOPS Operating Systems Review, v.31 n.1, p.18-23, Jan. 1997
Chiara Bodei , Pierpaolo Degano , Han Gao , Linda Brodo, Detecting and Preventing Type flaws: a Control Flow Analysis with Tags, Electronic Notes in Theoretical Computer Science (ENTCS), v.194 n.1, p.3-22, November, 2007
Li Gong, A security risk of depending on synchronized clocks, ACM SIGOPS Operating Systems Review, v.26 n.1, p.49-53, Jan. 1992
Paul El Khoury , Emmanuel Coquery , Mohand-Said Hacid, Consistency checking of role assignments in inter-organizational collaboration, Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS, November 04-04, 2008, Irvine, California
Jay A. McCarthy , Shriram Krishnamurthi, Minimal backups of cryptographic protocol runs, Proceedings of the 6th ACM workshop on Formal methods in security engineering, p.11-20, October 27-27, 2008, Alexandria, Virginia, USA
Stefan Miltchev , Jonathan M. Smith , Vassilis Prevelakis , Angelos Keromytis , Sotiris Ioannidis, Decentralized access control in distributed file systems, ACM Computing Surveys (CSUR), v.40 n.3, p.1-30, August 2008
Ashish Gehani , Surendar Chandra, Parameterized access control: from design to prototype, Proceedings of the 4th international conference on Security and privacy in communication netowrks, September 22-25, 2008, Istanbul, Turkey

INDEX TERMS

Primary Classification:
  D. Software
  D.4 OPERATING SYSTEMS

Additional Classification:
  C. Computer Systems Organization
  C.0 GENERAL

      Nouns: Andrew
  C.2 COMPUTER-COMMUNICATION NETWORKS

  D. Software
  D.4 OPERATING SYSTEMS
      D.4.3 File Systems Management
          Subjects: Distributed file systems

  E. Data
  E.3 DATA ENCRYPTION
      Subjects: Data encryption standard (DES)**


General Terms:
Algorithms, Design, Security


REVIEW

"Peter John Trueman : Reviewer"

Andrew is a distributed computer system at Carnegie-Mellon University. It currently consists of a network and 15 servers which are collectively called Vice, 400 UNIX workstations (Virtues), and about 1200 users. It will ultimately increase in si  more...

Collaborative Colleagues:
M. Satyanarayanan: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player