Many boundaries impede the flow of authorization information, forcing applications that span those boundaries into hop-by-hop approaches to authorization, in which each intermediary re-authorizes a request under its own identity and the original requester's authority is lost. We present a unified approach to authorization. Our approach allows applications that span administrative, network, abstraction, and protocol boundaries to understand the end-to-end authority that justifies any given request. The resulting distributed systems are more secure and easier to audit. We describe the boundaries that can interfere with end-to-end authorization and outline our unified approach. We describe the system we built and the applications we adapted to use our unified authorization system, and we measure its costs. We conclude that our system is a practical approach to the desirable goal of end-to-end authorization.
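As an added illustration (this is not code from the paper or from the system it describes, whose design is not given on this page), the following Python sketch contrasts the two models the abstract names: hop-by-hop authorization, where a gateway forwards a request under its own identity, and end-to-end authorization, where the request carries the chain of delegations that traces back to the original principal and lets the final server enforce and audit that principal's authority. The principals (alice, bob, gateway), the ACL and the resource path are constructed sample data; HMAC with verifier-known keys stands in for public-key signatures so the example runs offline with only the standard library.

```python
"""Hop-by-hop versus end-to-end authorization across a gateway (added illustration)."""
import hashlib
import hmac
import json

# Constructed sample data. A real deployment would use public-key signatures;
# HMAC keys known to the verifying file server stand in for them here so the
# example runs offline with only the standard library.
KEYS = {"alice": b"alice-secret", "bob": b"bob-secret", "gateway": b"gateway-secret"}
RESOURCE = "/reports/q3.txt"
# The file server's ACL. The gateway needs broad rights to serve every user.
ACL = {RESOURCE: {"alice": {"read"}, "bob": {"read", "write"},
                  "gateway": {"read", "write", "delete"}}}
AUDIT_LOG = []


def _canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def sign(principal, payload):
    """Return the signed statement `principal says payload`."""
    tag = hmac.new(KEYS[principal], _canon(payload), hashlib.sha256).hexdigest()
    return {"issuer": principal, "payload": payload, "tag": tag}


def verify(stmt):
    key = KEYS.get(stmt.get("issuer"))
    if key is None:
        return False
    expected = hmac.new(key, _canon(stmt["payload"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, stmt["tag"])


def delegate(issuer, subject, resource, rights):
    """issuer says: subject may exercise `rights` on `resource` on my behalf."""
    return sign(issuer, {"kind": "delegate", "subject": subject,
                         "resource": resource, "rights": sorted(rights)})


def request(requester, resource, op, chain=()):
    """A signed request; `chain` carries the delegations that justify it."""
    return sign(requester, {"kind": "request", "resource": resource,
                            "op": op, "chain": list(chain)})


def hop_by_hop_authorize(req):
    """Server checks only the immediate sender (the gateway) against the ACL."""
    if not verify(req):
        return False
    p = req["payload"]
    rights = ACL.get(p["resource"], {}).get(req["issuer"], set())
    allowed = p["op"] in rights
    AUDIT_LOG.append({"mode": "hop-by-hop", "principal": req["issuer"],
                      "on_behalf_of": None, "op": p["op"], "allowed": allowed})
    return allowed


def end_to_end_authorize(req):
    """Server walks the delegation chain back to the original principal.

    Every link must verify, must be issued by the previous link's subject,
    must be for this resource, and may only narrow the rights inherited so far.
    """
    if not verify(req):
        return False
    p = req["payload"]
    chain = p["chain"]
    root = chain[0]["issuer"] if chain else req["issuer"]
    effective = set(ACL.get(p["resource"], {}).get(root, set()))
    expected_issuer = root
    for link in chain:
        lp = link["payload"]
        if (not verify(link) or lp.get("kind") != "delegate"
                or link["issuer"] != expected_issuer
                or lp["resource"] != p["resource"]):
            effective = set()
            break
        effective &= set(lp["rights"])  # restricted delegation: rights only shrink
        expected_issuer = lp["subject"]
    if expected_issuer != req["issuer"]:
        effective = set()
    allowed = p["op"] in effective
    AUDIT_LOG.append({"mode": "end-to-end", "principal": req["issuer"],
                      "on_behalf_of": root, "op": p["op"], "allowed": allowed})
    return allowed


if __name__ == "__main__":
    # Alice, who may only read, asks the gateway to delete the file.
    print(hop_by_hop_authorize(request("gateway", RESOURCE, "delete")))  # True: confused deputy
    grant = delegate("alice", "gateway", RESOURCE, {"read"})
    print(end_to_end_authorize(request("gateway", RESOURCE, "delete", [grant])))  # False
    print(end_to_end_authorize(request("gateway", RESOURCE, "read", [grant])))    # True
```

In the hop-by-hop case the file server sees only "gateway", grants whatever the gateway itself holds, and logs the gateway as the actor, so a read-only user can delete through it. In the end-to-end case the server intersects the root principal's ACL entry with each delegation's rights, rejects a chain whose links do not connect or do not verify, and logs both the forwarding principal and the principal on whose behalf it acted.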