[284] in Kerberos


[Steven L. Waldbusser: Vice Authentication]

daemon@TELECOM.MIT.EDU (Jon Rochlis)
Fri Dec 11 16:08:34 1987

From: Jon Rochlis <jon@ATHENA.MIT.EDU>
To: kerberos@ATHENA.MIT.EDU


You might be interested in the following paper.  The whole paper can
be found in /mit/jon/Random/Text/vice.PS (spiffy PostScript figures and
all).  An abbreviated lpt version of particular relevance to
authentication can be found in the RMAIL file /mit/jon/Mail/awg ...

		-- Job


              INTEGRATING SECURITY IN A LARGE DISTRIBUTED SYSTEM



                               M. Satyanarayanan
                        Department of Computer Science
                          Carnegie Mellon University


                               30 November 1987



                                   ABSTRACT

    Andrew is a distributed computing environment that is a synthesis of
    the personal computing and timesharing paradigms. When mature, it is
    expected to encompass over 5000 workstations spanning the Carnegie
    Mellon University campus. This paper examines the security issues that
    arise in such an environment and describes the mechanisms that have
    been developed to address them. These mechanisms include the logical
    and physical separation of servers and clients, support for secure
    communication at the remote procedure call level, a distributed
    authentication service, a file-protection scheme that combines access
    lists with Unix mode bits, and the use of encryption as a basic
    building block. The paper also discusses the assumptions underlying
    security in Andrew and analyses the vulnerability of the system. Usage
    experience reveals that resource control, particularly of workstation
    CPU cycles, is more important than originally anticipated and that the
    mechanisms available to address this issue are rudimentary.

