AUTHENTICATION IN DISTRIBUTED SYSTEMS - THEORY AND PRACTICE

被引：248

作者：

LAMPSON, B

ABADI, M

BURROWS, M

WOBBER, E

机构：

[1] Digital Equipment Corp., Systems Research Center, Palo Alto, CA 94301

来源：

ACM TRANSACTIONS ON COMPUTER SYSTEMS | 1992年 / 10卷 / 04期

关键词：

SECURITY; THEORY; VERIFICATION; CERTIFICATION AUTHORITY; DELEGATION; GROUP; INTERPROCESS COMMUNICATION; KEY DISTRIBUTION; LOADING PROGRAMS; PATH NAME; PRINCIPAL; ROLE; SECURE CHANNEL; SPEAKS FOR; TRUSTED COMPUTING BASE;

D O I：

10.1145/138873.138874

中图分类号：

TP301 [理论、方法];

学科分类号：

081202 [计算机软件与理论];

摘要：

We describe a theory of authentication and a system that implements it. Our theory is based on the notion of principal and a 'speaks for' relation between principals. A simple principal either has a name or is a communication channel; a compound principal can express an adopted role or delegated authority. The theory shows how to reason about a principal's authority by deducing the other principals that it can speak for; authenticating a channel is one important application. We use the theory to explain many existing and proposed security mechanisms. In particular, we describe the system we have built. It passes principals efficiently as arguments or results of remote procedure calls, and it handles public and shared key encryption, name lookup in a large name space, groups of principals, program loading, delegation, access control, and revocation.

引用

页码：265 / 310

页数：46

共 30 条

[1]

ABADI M, 1992, LECT NOTES COMPUT SC, V576, P1

[2]

ABADI M, 1991, LECT NOTES COMPUT SC, V526, P326

[3]

ABADI M, 1991, IN PRESS ACM T PROGR

[4]

ABADI M, 1990, IN PRESS SCI COMPUTE