ACM Transactions on Computer Systems (TOCS)
Network security via private-key certificates
ACM SIGOPS Operating Systems Review
Hardware speedups in long integer multiplication
SPAA '90 Proceedings of the second annual ACM symposium on Parallel algorithms and architectures
Exponentiation cryptosystems on the IBM PC
IBM Systems Journal
Security Mechanisms in High-Level Network Protocols
ACM Computing Surveys (CSUR)
End-to-end arguments in system design
ACM Transactions on Computer Systems (TOCS)
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Using encryption for authentication in large networks of computers
Communications of the ACM
A lattice model of secure information flow
Communications of the ACM
A Calculus for Access Control in Distributed Systems
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
ACM SIGOPS Operating Systems Review
Wide-address spaces: exploring the design space
ACM SIGOPS Operating Systems Review
Recent trends in experimental operating systems research
PODC '93 Proceedings of the twelfth annual ACM symposium on Principles of distributed computing
A framework for distributed authorization
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A coherent distributed file cache with directory write-behind
ACM Transactions on Computer Systems (TOCS)
Access control for large collections
ACM Transactions on Information Systems (TOIS)
A decentralized model for information flow control
Proceedings of the sixteenth ACM symposium on Operating systems principles
Protecting privacy using the decentralized label model
ACM Transactions on Software Engineering and Methodology (TOSEM)
The Journal of Supercomputing
A Calculus for Access Control in Distributed Systems
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Building a Secure, Location Transparent Object Invocation System
IWOOOS '95 Proceedings of the 4th International Workshop on Object-Orientation in Operating Systems
SHARP: an architecture for secure resource peering
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Some definitions, protocols and proofs about secure authentication
CASCON '92 Proceedings of the 1992 conference of the Centre for Advanced Studies on Collaborative research - Volume 2
Managing heterogeneous distributed computing systems: using information repositories
CASCON '93 Proceedings of the 1993 conference of the Centre for Advanced Studies on Collaborative research: distributed computing - Volume 2
Future Generation Computer Systems - Special issue: P2P computing and interaction with grids
Token-mediated certification and electronic commerce
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
SNP: an interface for secure network programming
USTC'94 Proceedings of the USENIX Summer 1994 Technical Conference on USENIX Summer 1994 Technical Conference - Volume 1
The CRISIS wide area security architecture
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Compliance defects in public-key cryptography
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Dynamics, Robustness and Fragility of Trust
Formal Aspects in Security and Trust
Paralocks: role-based information flow control and beyond
Proceedings of the 37th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A nested token-based delegation scheme for cascaded delegation in mobile agent environments
HSI'03 Proceedings of the 2nd international conference on Human.society@internet
Quantifying and qualifying trust: spectral decomposition of trust networks
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Practical property-based attestation on mobile devices
TRUST'11 Proceedings of the 4th international conference on Trust and trustworthy computing
Decentralized delimited release
APLAS'11 Proceedings of the 9th Asian conference on Programming Languages and Systems
Hi-index | 0.00 |
We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a "speaks for" relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegation of authority. The theory explains how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed mechanisms for security. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, loading programs, delegation, access control, and revocation.