QuoteRef: satyM8_1989


Satyanarayanan, M., "Integrating security in a large distributed system", ACM Transactions on Computer Systems, 7, 3, pp. 247-280, August 1989.


security in Andrew as of November 1986, with updates p. 277.

250 ;;Quote: security violations are: unauthorized release of information, modification of information, and denial of resource usage
250+;;Quote: Andrew does not guarantee resource denial; e.g., flooding network with packets has no clear solution
250 ;;Quote: security in Andrew depends on physically secure servers, trusted superusers, and trusted software; no user software allowed
252 ;;Quote: an Andrew protection domain is a user or a group of users with an owner; owner prefixed to group name
252 ;;Quote: Andrew uses unique ids for users and groups; never reassigned since used in many tables; user and group names are easily changed
Quote: an audit trail for superusers must be on a non-erasable medium
252 ;;Quote: identify Andrew superusers by membership in System:Administrators; provides audit trail by user id and simple revocation of privileges
253 ;;Quote: avoid using a single entry in a protection domain to stand for a group of users; limited accountability
254 ;;Quote: a connection in Andrew has 4 security levels; HeadersOnly prevents new requests but not release and modify; AuthOnly for secure channels
256 ;;Quote: Andrew's authentication procedure depends on a shared, encrypted handshake key; randomized to prevent replay attacks
257 ;;Quote: Andrew uses authentication tokens to prove identity; like a capability; established by secret and clear tokens
257+;;Quote: Andrew will adopt Kerberos' authentication procedure; for standardization
259 ;;Quote: Unix password files do not authenticate the system to the user
259+;;Quote: Unix password files assume physically secure communication
260 ;;Quote: authentication server replicated in every Andrew server; all but one are read-only; propagate changes over secure lines
261 ;;Quote: access list contains a 32-bit mask of positive and negative rights; unioned with group rights in 1 scan; negative overrides positive
261+;;Quote: use negative access rights for rapid and selective revocation of rights to sensitive objects
262 ;;Quote: access rights for directories; restrict access to a file by linking to a private directory
271 ;;Quote: use hardware-supported DES for encryption; Andrew currently uses xor-encoding to exercise code and force decryption
277 ;;Quote: an Andrew cell is an autonomous system with its own security, file servers, and administration; user must be authenticated for each cell

Related Topics

ThesaHelp: ACM references m-z (280 items)
ThesaHelp: references sa-sz (237 items)
Topic: security leaks and weaknesses (56 items)
Topic: distributed system security (16 items)
Topic: security by secure domains (42 items)
Topic: group names (16 items)
Topic: unique numeric names as surrogates (67 items)
Topic: renaming (10 items)
Topic: security by access rights (36 items)
Topic: authentication (87 items)
Topic: security by capabilities (65 items)
Topic: password protection (42 items)
Topic: replicated data (45 items)
Topic: encryption (43 items)

Collected barberCB 12/93
Copyright © 2002-2008 by C. Bradford Barber. All rights reserved.
Thesa is a trademark of C. Bradford Barber.