Decentralized user authentication in a global file system

Operating Systems Review (ACM)

Volumn 37, Issue 5, 2003, Pages 60-73

  Kaminsky, Michael ^a   Sawides, George ^a   Mazières, David ^a   Kaashoek, M Frans ^a  

^a MCGILL UNIVERSITY   (Canada)

Author keywords

ACL; Authentication; Authorization; Credentials; File system; Groups; SFS; Users

Indexed keywords

ALGORITHMS; CONTROL THEORY; INFORMATION ANALYSIS; MATHEMATICAL MODELS; NETWORK PROTOCOLS; SERVERS;

COMPUTING ENVIRONMENT; FILE SYSTEMS; NODES; SECURITY;

COMPUTER OPERATING SYSTEMS;

EID: 21644433636     PISSN: 01635980     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1145/1165389.945452     Document Type: Conference Paper

References (38)

1. Atul Adya, William J. Bolosky, Miguel Castro, Gerald Cermak, Ronnie Chaiken, John R. Douceur, Jon Howell, Jacob R. Lorch, Marvin Theimer, and Roger P. Wattenhofer. FARSITE: Federated, available, and reliable storage for an incompletely trusted environment. In Proceedings of the 5th Symposium on Operating Systems Design and Implementation, pages 1-14, Boston, MA, December 2002.
2. Eshwar Belani, Amin Vahdat, Thomas Anderson, and Michael Dahlin. The CRISIS wide area security architecture. In Proceedings of the 7th USENIX Security Symposium, pages 15-30, San Antonio, TX, January 1998.
3. Berkeley DB. http://www.sleepycat.com/.
4. Andrew D. Birrell, Andy Hisgen, Chuck Jerian, Timothy Mann, and Garret Swart. The Echo distributed file system. Technical Report 111, Digital Systems Research Center, Palo Alto, CA, September 1993.
5. Andrew D. Birrell, Butler W. Lampson, Roger M. Needham, and Michael D. Schroeder. A global authentication service without global trust. In Proceedings of the 1986 IEEE Symposium on Security and Privacy, pages 223-230, Oakland, CA, 1986.
6. Andrew D. Birrell, Roy Levin, Roger M. Needham, and Michael D. Schroeder. Grapevine: An exercise in distributed computing. Communications of the ACM, 25(4):260-274, April 1982.
7. R. Butler, D. Engert, I. Foster, C. Kesselman, S. Tuecke, J. Volmer, and V. Welch. A national-scale authentication infrastructure. IEEE Computer, 33(12):60-66, 2000.
8. B. Callaghan, B. Pawlowski, and P. Staubach. NFS version 3 protocol specification. RFC 1813, Network Working Group, June 1995.
9. Dwaine Clarke. SPKI/SDSI HTTP server/certificate chain discovery in SPKI/SDSI. Master's thesis, Massachusetts Institute of Technology, September 2001.
10. T. Dierks and C. Allen. The TLS protocol. RFC 2246, Network Working Group, January 1999.
11. C. Ellison, B. Frantz, B. Lampson, R. Rivest, B. Thomas, and T. Ylönen. SPKI certificate theory. RFC 2693, Network / Working Group, September 1999.
12. Carl M. Ellison, Bill Frantz, Butler Lampson, Ron Rivest, Brian M. Thomas, and Tatu Ylönen. SPKI certificate documentation. Work in progress, from http://www.pobox.com/~cme/html/spki.html, 2002.
13. FIPS 180-1. Secure Hash Standard. U.S. Department of Commerce/N.I.S.T., National Technical Information Service, Springfield, VA, April 1995.
14. I. Foster and C. Kesselman. Globus: A metacomputing infrastructure toolkit. Intl J. Supercomputer Applications, 11 (2):115-128, 1997.
15. I. Foster, C. Kesselman, G. Tsudik, and S. Tuecke. A security architecture for computational grids. In Proceedings of the 5th ACM Conference on Computer and Communications Security Conference, pages 83-92, San Francisco, CA, November 1998.
16. Alan O. Freier, Philip Karlton, and Paul C. Kocher. The SSL protocol version 3.0. Internet draft (draft-freier-ssl-version302.txt), Network Working Group, November 1996. Work in progress.
17. Morrie Gasser, Andy Goldstein, Charlie Kaufman, and Butler Lampson. The Digital distributed system security architecture. In Proceedings of the 12th NIST-NCSC National Computer Security Conference, pages 305-319, Baltimore, MD, October 1989. URL citeseer.nj.nee. com/gasser89digital.html.
18. John H. Howard, Michael L. Kazar, Sherri G. Menees, David A. Nichols, M. Satyanarayanan, Robert N. Side-botham, and Michael J. West. Scale and performance in a distributed file system. ACM Transactions on Computer Systems, 6(1):51-81, February 1988.
19. Jon Howell and David Kotz. End-to-end authorization. In Proceedings of the 4th Symposium on Operating Systems Design and Implementation, pages 151-164, San Diego, CA, October 2000.
20. Michael Kaminsky, Eric Peterson, Kevin Fu, David Mazières, and M. Frans Kaashoek. REX: Secure, modular remote execution through file descriptor passing. Technical Report MIT-LCS-TR-884, MIT Laboratory for Computer Science, January 2003.
21. John Kubiatowicz, David Bindel, Yan Chen, Patrick Eaton, Dennis Geels, Ramakrishna Gummadi, Sean Rhea, Hakim Weatherspoon, Westley Weimer, Christopher Wells, and Ben Zhao. Oceanstore: An architecture for global-scale persistent storage. In Proceedings of the 9th International Conference on Architectural Support for Programming Languages and Operating Systems, pages 190-201, November 2000.
22. Butler Lampson, Martin Abadi, Michael Burrows, and Edward P. Wobber. Authentication in distributed systems: Theory and practice. ACM Transactions on Computer Systems, 10(4):265-310, 1992.
23. David Mazières, Michael Kaminsky, M. Frans Kaashoek, and Emmett Witchel. Separating key management from file system security. In Proceedings of the 17th ACM Symposium on Operating Systems Principles, pages 124-139, Kiawah Island, SC, 1999.
24. Microsoft Windows 2000 Advanced Server Documentation, http://www.microsoft.com/windows2000/en/advanced/help/.
25. Stefan Miltchev, Vassilis Prevelakis, Sotiris Ioannidis, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. Secure and flexible global file sharing. In Proceedings of the USENIX 2003 Annual Technical Conference, Freenix Track, pages 165-178, San Antonio, TX, June 2003.
26. Alexander Morcos. A Java implementation of simple distributed security infrastructure. Master's thesis, Massachusetts Institute of Technology, May 1998.
27. Jude Regan and Christian Jensen. Capability file names: Separating authorisation from user management in an internet file system. In Proceedings of the 10th USENIX Security Symposium, pages 221-234, Washington, D.C., 2001.
28. Ronald L. Rivest and Butler Lampson. SDSI - a simple distributed security infrastructure. Working document from http://theory.lcs.mit.edu/~cis/sdsi.html, 2002.
29. M. Rosenblum and J. Ousterhout. The design and implementation of a log-structured file system. In Proceedings of the 13th ACM Symposium on Operating Systems Principles, pages 1-15, Pacific Grove, CA, October 1991.
30. R. Srinivasan. RFC: Remote procedure call protocol specification version 2. RFC 1831, Network Working Group, August 1995.
31. J. G. Steiner, B. C. Neuman, and J. I. Schiller. Kerberos: An authentication service for open network systems. In Proceedings of the Winter 1988 USENIX, pages 191-202, Dallas, TX, February 1988.
32. Amin Vahdat. Operating System Services for Wide-Area Applications. PhD thesis, Department of Computer Science, University of California, Berkeley, December 1998.
33. Brian S. White, Michael Walker, Marty Humphrey, and Andrew S. Grimshaw. LegionFS: A secure and scalable file system supporting cross-domain high-performance applications. In Proceedings of the IEEE/ACM Supercomputing Conference (SC2001), November 2001.
34. Edward P. Wobber, Martin Abadi, Michael Burrows, and Butler Lampson. Authentication in the Taos operating system. ACM Transactions on Computer Systems, 12(1):3-32, 1994.
35. Thomas Wu. The secure remote password protocol. In Proceedings of the 1998 Internet Society Network and Distributed System Security Symposium, pages 97-111, San Diego, CA, March 1998.
36. X.509. Recommendation X.509: The Directory Authentication Framework. ITU-T (formerly CCITT) Information technology Open Systems Interconnection, December 1988.
37. Tatu Ylönen. SSH - secure login connections over the Internet. In Proceedings of the 6th USENIX Security Symposium, pages 37-42, San Jose, CA, July 1996.
38. Philip Zimmermann. PGP: Source Code and Internals. MIT Press, 1995.