Authentication in distributed systems: theory and practice

Published: 01 November 1992

Abstract

We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a “speaks for” relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegated authority. The theory shows how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed security mechanisms. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, program loading, delegation, access control, and revocation.

Reviews

Stanley A. Kurzban

Although the use of distributed systems is growing rapidly, they have not yet come to dominate conventional business data processing. The authors usefully address a significant impediment to such domination: effective access control across distributed systems. Various open systems efforts have focused on functional requirements, and much work has been done on means of personal identification and on cryptographic protocols and algorithms that protect data used to authenticate identities. The authors provide a theoretical foundation for authentication in distributed systems. They give their audience of software designers and theoreticians the tools they need to develop precise statements about who and what represents whom in computerized transactions. Those notions are vital to implementation of effective, industrial-strength, identity-based access control, without which processing of organizations' most valuable data would be intolerably hazardous. The notion that a communication line may trustably represent a person is basic, but much more is involved. People may represent one another. Credentials must be fetched, presented, and authenticated. Names must be established, distinguished, and associated with one another. People must aggregate in groups and assume functional roles. The authors develop formalisms for all these tasks meticulously yet understandably. Regrettably, the authors do little to relate their work to the world of business data processing. They write only of system administrators, when the world also needs to know about clerks and managers. The only type of access that appears in their examples is read access, but write access and especially distinctions between the two are far more important. They barely begin to relate their work to that of Clark and Wilson [1], Chaum [2], and Abrams [3], all of which it can serve well. 
They hardly touch on such vital closely related notions as object naming, auditing, identity-verification devices, and capabilities, although they do refer the reader to longer works they have written that might extend to some of these topics. Criticism about what the authors have not written must not obscure what they have, however. This paper is a significant contribution to the field, and those interested in the subject will find it an invaluable foundation for their work.

Published In

ACM Transactions on Computer Systems, Volume 10, Issue 4
Nov. 1992
127 pages
ISSN: 0734-2071
EISSN: 1557-7333
DOI: 10.1145/138873

Publisher

Association for Computing Machinery

New York, NY, United States

Author Tags

  1. certification authority
  2. delegation
  3. group
  4. interprocess communication
  5. key distribution
  6. loading programs
  7. path name
  8. principal
  9. role
  10. secure channel
  11. speaks for
  12. trusted computing base
