Authentication in distributed systems: theory and practice

Published: 01 November 1992

Abstract

We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a “speaks for” relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegated authority. The theory shows how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed security mechanisms. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, program loading, delegation, access control, and revocation.

Published In

ACM Transactions on Computer Systems, Volume 10, Issue 4
Nov. 1992
127 pages
ISSN: 0734-2071
EISSN: 1557-7333
DOI: 10.1145/138873

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 November 1992
Published in TOCS Volume 10, Issue 4

Author Tags

  1. certification authority
  2. delegation
  3. group
  4. interprocess communication
  5. key distribution
  6. loading programs
  7. path name
  8. principal
  9. role
  10. secure channel
  11. speaks for
  12. trusted computing base
