Scale and performance in a distributed file system
ACM Transactions on Computer Systems (TOCS)
How to prove yourself: practical solutions to identification and signature problems
Proceedings on Advances in cryptology---CRYPTO '86
Authentication in distributed systems: theory and practice
SOSP '91 Proceedings of the thirteenth ACM symposium on Operating systems principles
Disconnected operation in the Coda File System
ACM Transactions on Computer Systems (TOCS)
Authentication in the Taos operating system
SOSP '93 Proceedings of the fourteenth ACM symposium on Operating systems principles
Towards an active network architecture
ACM SIGCOMM Computer Communication Review
A Certification Scheme for Electronic Commerce
Proceedings of the International Workshop on Security Protocols
Implementation of a discretionary access control model for script-based systems
CSFW '95 Proceedings of the 8th IEEE workshop on Computer Security Foundations
Java Security: From HotJava to Netscape and Beyond
SP '96 Proceedings of the 1996 IEEE Symposium on Security and Privacy
WebOS: Operating System Services for Wide Area Applications
WebOS: Operating System Services for Wide Area Applications
A New Model of Security for Distributed Systems
A New Model of Security for Distributed Systems
A security architecture for computational grids
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Flexible control of downloaded executable content
ACM Transactions on Information and System Security (TISSEC)
Providing policy-neutral and transparent access control in extensible systems
Secure Internet programming
An authorization framework for metacomputing applications
Cluster Computing
Detecting Manipulated Remote Call Streams
Proceedings of the 11th USENIX Security Symposium
Smart Environments: Middleware Building Blocks for Pervasive Network Computing (A Position Paper)
IMWS '01 Revised Papers from the NSF Workshop on Developing an Infrastructure for Mobile and Wireless Systems
Cryptographic access control in a distributed file system
Proceedings of the eighth ACM symposium on Access control models and technologies
WebDAVA: An Administrator-Free Approach To Web File-Sharing
WETICE '03 Proceedings of the Twelfth International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises
SHARP: an architecture for secure resource peering
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Certificate-based authorization policy in a PKI environment
ACM Transactions on Information and System Security (TISSEC)
Future Generation Computer Systems - Special issue: P2P computing and interaction with grids
On classifying access control implementations for distributed systems
Proceedings of the eleventh ACM symposium on Access control models and technologies
Design and implementation of a secure wide-area object middleware
Computer Networks: The International Journal of Computer and Telecommunications Networking
Capability file names: separating authorisation from user management in an internet file system
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Active names: flexible location and transport of wide-area resources
USITS'99 Proceedings of the 2nd conference on USENIX Symposium on Internet Technologies and Systems - Volume 2
Capability file names: separating authorisation from user management in an internet file system
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
VegaFS: file sharing crossing multiple domains
International Journal of High Performance Computing and Networking
Decentralized access control in distributed file systems
ACM Computing Surveys (CSUR)
Parameterized access control: from design to prototype
Proceedings of the 4th international conference on Security and privacy in communication netowrks
An authentication model for delegation, attribution and least privilege
Proceedings of the 3rd International Conference on PErvasive Technologies Related to Assistive Environments
EGSI: TGKA Based Security Architecture for Group Communication in Grid
CCGRID '10 Proceedings of the 2010 10th IEEE/ACM International Conference on Cluster, Cloud and Grid Computing
Security services architecture for Secure Mobile Grid Systems
Journal of Systems Architecture: the EUROMICRO Journal
Systematic design of secure Mobile Grid systems
Journal of Network and Computer Applications
Nephele: Scalable Access Control for Federated File Services
Journal of Grid Computing
| Hi-index | 0.00 |
This paper presents the design and implementation of a new authentication and access control system, called CRISIS. A goal of CRISIS is to explore the systematic application of a number of design principles to building highly secure systems, including: redundancy to eliminate single points of attack, caching to improve performance and availability over slow and unreliable wide area networks, fine-grained capabilities and roles to enable lightweight control of privilege, and complete local logging of all evidence used to make each access control decision. Measurements of a prototype CRISIS-enabled wide area file system show that in the common case CRISIS adds only marginal overhead relative to unprotected wide area accesses.