论文信息 - Authentication and Discretionary Access Control in Computer Networks

Authentication and Discretionary Access Control in Computer Networks

Abstract This paper proposes a new mechanism for authentication and discretionary access control in networks with decentralized control. Girling's strategy for one-time keywords for authentication forwarding is combined with a proxy login mechanism to obtain a reliable method for network authentication that does not depend on the transmission of passwords. The authentication mechanism is used as the basis for a scheme for network-wide access control lists allowing a user to grant access rights to any other user in a network. These proposals are described in the context of the Digital Network Architecture (DNA), but are in fact applicable to any packet switched network.

Paul A. Karger

[1] Gerald J. Popek,et al. Encryption and Secure Computer Networks , 1979, CSUR.

[2] Whitfield Diffie,et al. New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[3] Jerome H. Saltzer,et al. Protection and the control of information sharing in multics , 1974, CACM.

[4] Jerome H. Saltzer,et al. The protection of information in computer systems , 1975, Proc. IEEE.

[5] Carl E. Landwehr,et al. Formal Models for Computer Security , 1981, CSUR.

[6] Steven B. Lipner,et al. A comment on the confinement problem , 1975, SOSP.

[7] P. A. Karger. NON-DISCRETIONARY ACCESS CONTROL FOR DECENTRALIZED COMPUTING SYSTEMS , 1977 .

[8] C. Gray Girling. Object representation on a heterogeneous network , 1982, OPSR.

[9] Maurice V. Wilkes,et al. Time-sharing computer systems , 1968 .

[10] Helen Marie Wood,et al. The use of passwords for controlled access to computer resources. , 1977 .

[11] Robert H. Thomas,et al. A resource sharing executive for the ARPANET , 1973, AFIPS National Computer Conference.

[12] Elliott I. Organick,et al. The multics system: an examination of its structure , 1972 .

[13] Paul A. Karger,et al. Security in Automatic Data Processing (ADP) Network Systems. , 1976 .

[14] Robert Metcalfe,et al. Ethernet: distributed packet switching for local computer networks , 1976, CACM.