R. D. Sansom, D. P. Julian, R. Rashid. "Extending a Capability Based System Into a Network Environment" Research sponsored by DOD, 1986, p. 265--274.  Home/Search   Document Not in Database   Summary   Related Articles   Check

....VatA VatC VatB b1 VatID SwissNumber Joe Fig. 5. Pluribus in operation. The description so far applies equally well to many distributed object systems, such as CORBA and RMI, that have no ambitions to capability security. What more do we need to make this into a secure protocol (See also [4, 9, 10, 32, 40]) 4.2 Cryptographic Capabilities On creation, each vat generates a public private key pair. The fingerprint of the vat s public key is its vat Identity, or VatID. What does the VatID identify The VatID can only be said to designate any vat which knows and uses the corresponding private key ....

Robert D. Sansom, D. P. Julian, Richard Rashid, "Extending a Capability Based System Into a Network Environment" (1986) Research sponsored by DOD, pp. 265-274.

....work on active networks has been surveyed elsewhere [TSS 97] SCM 99] and thus we focus on issues germane to SANE and Rcane. An architecture which, like from alien to SANE, extended a protection model from the local domain to a distributed environment was provided by Sansom, et al. SJR86] who enforced protection locally with memory protection enforced capabilities. It is notable that capabilities can be viewed as a namespace based protection mechanism) The capabilities were extended to remote nodes via cryptographic means. SANE provides more general mechanisms and could thus ....

R. D. Sansom, D. P. Julin, and R. F. Rashid. Extending a capability based system into a network environment. In Proceedings of the

....RELATED WORK Ongoing work on active networks has been surveyed elsewhere [41] 42] and thus we focus on issues germane to SANE and RCANE. An architecture which, like from ALIEN to SANE, extended a protection model from the local domain to a distributed environment was provided by Sansom, et al. [43], who enforced protection locally with memory protection enforced capabilities. It is notable that capabilities can be viewed as a namespace based protection mechanism) The capabilities were extended to remote nodes via cryptographic means. SANE provides more general mechanisms and could thus be ....

R. D. Sansom, D. P. Julin, and R. F. Rashid, "Extending a capability based system into a network environment," in Proc. ACM SIGCOMM, Aug. 1986.

....1988. Development and improvement are still in proces and new versions will be available to all users. Contact: Richard F. Rashid, Computer Science Department, Carnegie Mellon University, Pittsburgh, PA 15213. References: 218] 219] 220] 221] 222] 223] 224] 225] 6] 226] 227] [228], 229] 230] 231] 232] 2.33 Medusa Main Goal Medusa is a distributed operating system designed for the Cm multimicroprocessor. It is an attempt to produce a system that is modular, robust, location transparent, and to take advantage of the parallelism presented in Cm . Advantages Each ....

R.D. Sansom, D.P. Julin, and R.F. Rashid, "Extending a Capability Based System into a Network Environment ", In Proc. SIGCOMM '86 Symp., pages 265--274, Stowe, Vermont, 1986.

....70 80 90 100 10 15 20 25 30 IEEE Communications Magazine . April 2000 8 mulation of state. They appear to be trying to avoid having any service layer at all. An architecture which extended a protection model from the local domain to a distributed environment was provided by Sansom et al. [14], where protection was enforced locally with memory protection enforced capabilities. The capabilities were extended to remote nodes via cryptographic means. SANE provides more general mechanisms and could thus be specialized to such an application (moving memory protected objects about the ....

R. D. Sansom, D. R Julin, and R. F. Rashid, "Extending a Capability Based System into a Network Environment, " Proc. 1986 ACM SIGCOMM, Aug. 1986.

....security of SANE. However, as all enhanced services are added to the node as PLAN extensions, any such extensions would require a SANE like approach for security. An architecture which extended a protection model from the local domain to a distributed environment was provided by Sansom, et al. SJR86] where protection was enforced locally with memory protection enforced capabilities. It is notable that capabilities can be viewed as a namespace based protection mechanism) The capabilities were extended to remote nodes via cryptographic means. SANE provides more general mechanisms and could ....

R. D. Sansom, D. P. Julin, and R. F. Rashid. Extending a capability based system into a network environment. In Proceedings of the 1986 ACM SIGCOMM Conference, August 1986.

....all the services and resources in the system, and these services and resources are accessed by sending messages to the ports associated with them. Traditionally inter process communication between Mach nodes that are not connected by shared memory has used reliable but slow mechanisms like TCP IP [83], but recently work has been done to improve Mach s networking performance, both within CMU [48] and by other groups [75] Virtual memory management in Mach is implemented using memory objects. An address space in Mach is represented as a collection of mappings from linear addresses to offsets ....

R. Sansom, D. Julin, and R. Rashid. Extending a Capability Based System into a Network Environment. In Proceedings of the 1986 ACM SIGCOMM Symposium on Communications Architectures and Protocols, pages 265--274, August 1986.

....the first request from the client in each experiment. Subsequent requests were able to use the cached capability key. 11 Related Work Historically, capability systems have used hardware support to prevent client modification of capabilities [3, 27] or depended on trusted operating system kernels [24, 28]. NASD capabilities differ because we use a fully distributed system where we do not trust the holders of the capabilities. While the basic idea of a capability in these examples and NASD is essentially the same, our inability to trust the holder of the capability and the distributed nature of ....

Robert D. Sansom, Daniel P. Julin, and Richard F. Rashid. Extending a Capability Based System into a Network Environment. In SIGCOMM '86: Futures in Communications, August 1986.

....the security of SANE. However, as any enhanced services are added to the node as PLAN extensions, such extensions would require a SANE like approach for security. An architecture which extended a protection model from the local domain to a distributed environment was provided by Sansom, et al. SJR86] who enforced protection locally with memoryprotection enforced capabilities. It is notable that capabilities can be viewed as a namespace based protection mechanism) The capabilities were extended to remote nodes via cryptographic means. SANE provides more general mechanisms and could thus be ....

R. D. Sansom, D. P. Julin, and R. F. Rashid. Extending a capability based system into a network environment. In Proceedings of the 1986 ACM SIGCOMM Conference, August 1986.

....require the security of SANE. However, as any enhanced services are added to the node as PLAN services, such services would require a SANE like approach for security. An architecture which extended a protection model from the local domain to a distributed environment was provided by Sansom, et al. [Sansom et al. 1986], who enforced protection locally with memory protection enforced capabilities. It is notable that capabilities can be viewed as a namespace based protection mechanism) The capabilities were extended to remote nodes via cryptographic means. SANE provides more general mechanisms and could thus be ....

Sansom, R. D., Julin, D. P., and Rashid, R. F. 1986. Extending a capability based system into a network environment. In Proceedings of the 1986 ACM SIGCOMM Conference (August 1986).

....on the object. This security requirement quickly led us to use a software capability model for providing secure access to specific objects. This approach is sim 3 ilar to that used in the Cambridge fileserver [Birrell Needham 1980] Amoeba [Tanenbaum et al. 1986] and Mach [Acetta et al. 1986] [Sansom et al. 1986]. Following from this desire for security are some secondary requirements. When a cross address space call occurs on a capability, neither the client nor the server should be vulnerable to the other s incompetence or malice. Thus, for example, we require that there is well defined behaviour if ....

R. D. Sansom, D. P. Julin and R. F. Rashid. "Extending a Capability Based System into a Network Environment." SIGCOMM `86 Symposium On Communications Architectures & Protocols, Stowe, Vermont, August 1986.

....shadow process at the original site. However, this does only work for regular files and cannot handle processes that do interprocess communication. To achieve migration transparency for a larger set of system calls, we use an approach that was somewhat inspired by the Mach system s NetMsg server [21]. We have built a system wide virtual name space for PIDs, transport addresses and file names. The applications work with objects in a common, location independent name space. We use a system call interposing component [9] to translate the arguments from the virtual name space into the underlying, ....

R. Sansom, D. Julin, and R. Rashid. Extending a Capability Based System into a Network Environment. CMU-CS-86-115, April 1986.

....they can be used at the same time as handles for communication operations and as protected references for individual objects or resources in the 1 system. The local IPC facilities exported by the kernel are transparently extended in the network environment by a collection of network servers[2]. Every high level service exported by the servers in the emulation system is defined following an object oriented paradigm, with operations exported by one or more items. The word item is used here to avoid confusion with various language level objects or classes that may be used internally for ....

R. D. Sansom, D. P. Julin, and R. F. Rashid, "Extending a capability based system into a network environment," in Proceedings of the ACM SIGCOMM 86 Symposium on Communication Architectures and Protocols, pp. 265--274, ACM, August 1986. Also available as Technical Report CMU-CS-86-115.

....of control within a and either handled directly or converted into a message to be single address space, sent to a system server. There is an override facility that . an extensible and secure interprocess com allows the transparent library code to redirect a call to the munication facility (IPC) [10], kernel if necessary, to simplify development and debugging of the transparent library itself. This facility can be used for a . architecture independent virtual memory managevariety of purposes, such as: ment (VM) 7] binary compatibility with non Mach OS environ . integrated IPC VM ....

Sansom, R.D., Julin, D.P. and Rashid R.F. Extending a Capability Based System into a Network Environment. Proceedings of the ACM SIGCOMM 86 Symposium on Communications Architectures and Protocols, August, 86, pp. 265-274. Also available as Technical Report CMU-CS-86-115.

No context found.

R. D. Sansom, D. P. Julian, R. Rashid. "Extending a Capability Based System Into a Network Environment" Research sponsored by DOD, 1986, p. 265--274.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC