Authentication in the Taos operating system

We describe a design and implementation of security for a distributed system. In our system, applications access security services through a narrow interface. This interface provides a notion of identity that includes simple principals, groups, roles, and delegations. A new operating system component manages principals, credentials, and secure channels. It checks credentials according to the formal rules of a logic of authentication. Our implementation is efficient enough to support a substantial user community.

[1]  Donald Ervin Knuth,et al.  The Art of Computer Programming , 1968 .

[2]  Donald Ervin Knuth,et al.  The Art of Computer Programming, 2nd Ed. (Addison-Wesley Series in Computer Science and Information , 1978 .

[3]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[4]  Lawrence C. Stewart,et al.  Firefly: a multiprocessor workstation , 1987, ASPLOS 1987.

[5]  Ralph Howard,et al.  Data encryption standard , 1987 .

[6]  B. Clifford Neuman,et al.  Kerberos: An Authentication Service for Open Network Systems , 1988, USENIX Winter.

[7]  Morrie Gasser,et al.  The Digital Distributed System Security Architecture , 1989 .

[8]  Michael Burrows,et al.  Performance of Firefly RPC , 1990, ACM Trans. Comput. Syst..

[9]  Ronald L. Rivest,et al.  The MD4 Message-Digest Algorithm , 1990, RFC.

[10]  Martín Abadi,et al.  A Calculus for Access Control in Distributed Systems , 1991, CRYPTO.

[11]  Martín Abadi,et al.  Authentication and Delegation with Smart-cards , 1991, TACS.

[12]  Jean-Jacques Quisquater,et al.  Bournas corsair: a chip card with fast rsa capability , 1991 .

[13]  Martín Abadi,et al.  Authentication in distributed systems: theory and practice , 1991, SOSP '91.

[14]  Hans Eberle,et al.  A 1 GBIT/second GaAs DES chip , 1992, 1992 Proceedings of the IEEE Custom Integrated Circuits Conference.

[15]  Mark Shand,et al.  Fast implementations of RSA cryptography , 1993, Proceedings of IEEE 11th Symposium on Computer Arithmetic.

[16]  Martín Abadi,et al.  Authentification and Delegation with Smart-Cards , 1993, Sci. Comput. Program..

[17]  Roger M. Needham,et al.  Cryptography and secure channels , 1993 .

[18]  John T. Kohl,et al.  The Kerberos Network Authentication Service (V5 , 2004 .