Open Access. Powered by Scholars. Published by Universities.®
Physical Sciences and Mathematics Commons™
Articles 1 - 4 of 4
Full-Text Articles in Physical Sciences and Mathematics
End-To-End Authorization, Jon Howell, David Kotz
Dartmouth Scholarship
Many boundaries impede the flow of authorization information, forcing applications that span those boundaries into hop-by-hop approaches to authorization. We present a unified approach to authorization. Our approach allows applications that span administrative, network, abstraction, and protocol boundaries to understand the end-to-end authority that justifies any given request. The resulting distributed systems are more secure and easier to audit. We describe boundaries that can interfere with end-to-end authorization, and outline our unified approach. We describe the system we built and the applications we adapted to use our unified authorization system, and measure its costs. We conclude that our system …
Restricted Delegation: Seamlessly Spanning Administrative Boundaries, Jon Howell, David Kotz
Dartmouth Scholarship
Historically and currently, access control and authentication is managed through ACLs. Examples include:
• the list of users in /etc/password, the NIS passwd map, or an NT domain
• permissions on Unix files or ACLs on NT objects
• a list of known hosts in .ssh/known_hosts
• a list of IP addresses in .rhosts (for rsh) or .htaccess (http)
The limitations of ACLs always cause problems when spanning administrative domains (and often even inside administrative domains). The best example is the inability to express transitive sharing. Alice shares read access to object X with Bob (but not access to …
The Expected Lifetime Of Single-Address-Space Operating Systems, David Kotz, Preston Crow
Dartmouth Scholarship
Trends toward shared-memory programming paradigms, large (64-bit) address spaces, and memory-mapped files have led some to propose the use of a single virtual-address space, shared by all processes and processors. To simplify address-space management, some have claimed that a 64-bit address space is sufficiently large that there is no need to ever re-use addresses. Unfortunately, there has been no data to either support or refute these claims, or to aid in the design of appropriate address-space management policies. In this paper, we present the results of extensive kernel-level tracing of the workstations on our campus, and discuss the implications for …
The Expected Lifetime Of “Single-Address-Space” Operating Systems, David Kotz, Preston Crow
Dartmouth Scholarship
Trends toward shared-memory programming paradigms, large (64-bit) address spaces, and memory-mapped files have led some to propose the use of a single virtual-address space, shared by all processes and processors. Typical proposals require the single address space to contain all process-private data, shared data, and stored files. To simplify management of an address space where stale pointers make it difficult to re-use addresses, some have claimed that a 64-bit address space is sufficiently large that there is no need to ever re-use addresses. Unfortunately, there has been no data to either support or refute these claims, or to aid in …