Authentication in distributed systems

1 September 1991

journal article
Published by Association for Computing Machinery (ACM) in ACM SIGOPS Operating Systems Review

Vol. 25 (5) , 165-182
https://doi.org/10.1145/121133.121160

Abstract

We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a "speaks for" relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegation of authority. The theory explains how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed mechanisms for security. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, loading programs, delegation, access control, and revocation.

Keywords

This publication has 13 references indexed in Scilit:

Network security via private-key certificates
ACM SIGOPS Operating Systems Review, 1990
A logic of authentication
ACM Transactions on Computer Systems, 1990
Exponentiation cryptosystems on the IBM PC
IBM Systems Journal, 1990
An architecture for practical delegation in a distributed system
Published by Institute of Electrical and Electronics Engineers (IEEE) ,1990
End-to-end arguments in system design
ACM Transactions on Computer Systems, 1984
Using encryption for authentication in large networks of computers
Communications of the ACM, 1978
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM, 1978
New directions in cryptography
IEEE Transactions on Information Theory, 1976
A lattice model of secure information flow
Communications of the ACM, 1976
Protection
ACM SIGOPS Operating Systems Review, 1974