Firefly: A Multiprocessor Workstation
IEEE Transactions on Computers - Special issue on architectural support for programming languages and operating systems
Performance of the Firefly RPC
ACM Transactions on Computer Systems (TOCS)
Introduction to OSF DCE (rev. 1.0)
Introduction to OSF DCE (rev. 1.0)
Authentication in distributed systems: theory and practice
ACM Transactions on Computer Systems (TOCS)
A calculus for access control in distributed systems
ACM Transactions on Programming Languages and Systems (TOPLAS)
Authentication and delegation with smart-cards
TACS'91 Selected papers of the conference on Theoretical aspects of computer software
The art of computer programming, volume 3: (2nd ed.) sorting and searching
The art of computer programming, volume 3: (2nd ed.) sorting and searching
Cryptography and secure channels
Distributed systems (2nd Ed.)
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
The MD4 Message Digest Algorithm
CRYPTO '90 Proceedings of the 10th Annual International Cryptology Conference on Advances in Cryptology
ACM SIGOPS Operating Systems Review
Prudent Engineering Practice for Cryptographic Protocols
IEEE Transactions on Software Engineering
Extensible security architectures for Java
Proceedings of the sixteenth ACM symposium on Operating systems principles
Frangipani: a scalable distributed file system
Proceedings of the sixteenth ACM symposium on Operating systems principles
A role-based access control model for protection domain derivation and management
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Requirements of role-based access control for collaborative systems
RBAC '95 Proceedings of the first ACM Workshop on Role-based access control
Access control in federated systems
NSPW '96 Proceedings of the 1996 workshop on New security paradigms
Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
SAFKASI: a security mechanism for language-based systems
ACM Transactions on Software Engineering and Methodology (TOSEM)
Protection in programming-language translations
Secure Internet programming
Distributed access-rights management with delegation certificates
Secure Internet programming
Secure Internet programming
Security Protocols and Specifications
FoSSaCS '99 Proceedings of the Second International Conference on Foundations of Software Science and Computation Structure, Held as Part of the European Joint Conferences on the Theory and Practice of Software, ETAPS'99
Validating a Web service security abstraction by typing
Proceedings of the 2002 ACM workshop on XML security
Cryptographic access control in a distributed file system
Proceedings of the eighth ACM symposium on Access control models and technologies
A Logic-based Knowledge Representation for Authorization with Delegation
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
Outcomes-based assessment as an assurance education tool
Security education and critical infrastructures
Decentralized user authentication in a global file system
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Terra: a virtual machine-based platform for trusted computing
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Computer Security in the Real World
Computer
Credentials and Beliefs in Remote Trusted Platforms Attestation
WOWMOM '06 Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks
Access control in a core calculus of dependency
Proceedings of the eleventh ACM SIGPLAN international conference on Functional programming
Access Control in a Core Calculus of Dependency
Electronic Notes in Theoretical Computer Science (ENTCS)
Requirements for scalable access control and security management architectures
ACM Transactions on Internet Technology (TOIT)
Singularity: rethinking the software stack
ACM SIGOPS Operating Systems Review - Systems work at Microsoft Research
REX: secure, extensible remote execution
ATEC '04 Proceedings of the annual conference on USENIX Annual Technical Conference
Flexible OS support and applications for trusted computing
HOTOS'03 Proceedings of the 9th conference on Hot Topics in Operating Systems - Volume 9
Access control in a world of software diversity
HOTOS'05 Proceedings of the 10th conference on Hot Topics in Operating Systems - Volume 10
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
Operating system protection for fine-grained programs
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Building systems that flexibly control downloaded executable context
SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Secure delegation for distributed object environments
COOTS'98 Proceedings of the 4th conference on USENIX Conference on Object-Oriented Technologies and Systems - Volume 4
Authorizing applications in singularity
Proceedings of the 2nd ACM SIGOPS/EuroSys European Conference on Computer Systems 2007
Securing distributed systems with information flow control
NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
AURA: a programming language for authorization and audit
Proceedings of the 13th ACM SIGPLAN international conference on Functional programming
Effective and efficient compromise recovery for weakly consistent replication
Proceedings of the 4th ACM European conference on Computer systems
Automatic creation and reconfiguration of network-aware service access paths
Computer Communications
A Mechanism for Identity Delegation at Authentication Level
NordSec '09 Proceedings of the 14th Nordic Conference on Secure IT Systems: Identity and Privacy in the Internet Age
Distributed programming with distributed authorization
Proceedings of the 5th ACM SIGPLAN workshop on Types in language design and implementation
Policy-based access control for weakly consistent replication
Proceedings of the 5th European conference on Computer systems
Auth-SL: a system for the specification and enforcement of quality-based authentication policies
ICICS'07 Proceedings of the 9th international conference on Information and communications security
A modal deconstruction of access control logics
FOSSACS'08/ETAPS'08 Proceedings of the Theory and practice of software, 11th international conference on Foundations of software science and computational structures
TAPIDO: trust and authorization via provenance and integrity in distributed objects
ESOP'08/ETAPS'08 Proceedings of the Theory and practice of software, 17th European conference on Programming languages and systems
Evaluating a collaborative defense architecture for MANETs
IMSAA'09 Proceedings of the 3rd IEEE international conference on Internet multimedia services architecture and applications
Security-typed programming within dependently typed programming
Proceedings of the 15th ACM SIGPLAN international conference on Functional programming
Securing MANET multicast using DIPLOMA
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Decentralized trust management
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
SP'96 Proceedings of the 1996 IEEE conference on Security and privacy
Nexus authorization logic (NAL): Design rationale and applications
ACM Transactions on Information and System Security (TISSEC)
Misuse detection in consent-based networks
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Quire: lightweight provenance for smart phone operating systems
SEC'11 Proceedings of the 20th USENIX conference on Security
CryptDB: protecting confidentiality with encrypted query processing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Logical attestation: an authorization architecture for trustworthy computing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Toward trust management in autonomic and coordination applications
ATC'06 Proceedings of the Third international conference on Autonomic and Trusted Computing
Device-enabled authorization in the grey system
ISC'05 Proceedings of the 8th international conference on Information Security
New modalities for access control logics: permission, control and ratification
STM'11 Proceedings of the 7th international conference on Security and Trust Management
Origin-bound certificates: a fresh approach to strong client authentication for the web
Security'12 Proceedings of the 21st USENIX conference on Security symposium
Belief semantics of authorization logic
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
SilverLine: preventing data leaks from compromised web applications
Proceedings of the 29th Annual Computer Security Applications Conference
| Hi-index | 0.00 |
We describe a design for security in a distributed system and its implementation. In our design, applications gain access to security services through a narrow interface. This interface provides a notion of identity that includes simple principals, groups, roles, and delegations. A new operating system component manages principals, credentials, and secure channels. It checks credentials according to the formal rules of a logic of authentication. Our implementation is efficient enough to support a substantial user community.