Scale and performance in a distributed file system
ACM Transactions on Computer Systems (TOCS)
Integrating security in a large distributed system
ACM Transactions on Computer Systems (TOCS)
Accessing Files in an Internet: The Jade File System
IEEE Transactions on Software Engineering
Separating key management from file system security
Proceedings of the seventeenth ACM symposium on Operating systems principles
Escaping the evils of centralized control with self-certifying pathnames
Proceedings of the 8th ACM SIGOPS European workshop on Support for composing distributed applications
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Limitations of the Kerberos authentication system
ACM SIGCOMM Computer Communication Review
CARDIS '98 Proceedings of the The International Conference on Smart Card Research and Applications
Fast and secure distributed read-only file system
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
The CRISIS wide area security architecture
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Hi-index | 0.00 |
The ability to access and share information over the Internet has introduced the need for new flexible, dynamic and fine-grained access control mechanisms. None of the current mechanisms for sharing information - distributed file systems and the web - offer adequate support for sharing in a large and highly dynamic group of users. Distributed file systems lack the ability to share information with unauthenticated users, and the web lacks fine grained access controls, i.e. the ability to grant individual users access to selected files. In this paper we present Capability File Names, a new access control mechanism, in which self-certifying file names are used as sparse capabilities that allow a user ubiquitous access to his files and enables him to delegate this right to a dynamic group of remote users. Encoding the capaility in the file name has two major advantages: it is self-supporting and it ensures full compatablity with existing programs. Capability file names have been implemented in a new file system called CapaFS. CapaFS separates user identification from authorisation, thus allowing users to share selected files with remote users without the intervention of a system administrator. The implementation of CapaFS is described and evaluated in this paper