Presents a model for relating chains of authority passing through multiple network services.
Abstract: Many boundaries impede the flow of authorization information, forcing applications that span those boundaries into hop-by-hop approaches to authorization. We present a unified approach to authorization. Our approach allows applications that span administrative, network, abstraction, and protocol boundaries to understand the end-to-end authority that justifies any given request. The resulting distributed systems are more secure and easier to audit. We describe boundaries that can interfere with...
Cited by:
IEEE June 2004 3 - Cover Feature Published
Quality of Service Aspects and Metrics in Grid Computing - Menasce, Casalicchio (2004)
Securing Information Gateways with - Derivation-Constrained Access.. (2006)
Similar documents (at the sentence level):
63.4%: End-to-End Authorization - Howell, Kotz
40.6%: Naming and Sharing Resources across Administrative Boundaries - Howell (2000)
Active bibliography (related documents):
0.5: Resource Control of Untrusted Code in an Open Network Environment - Menage (2003)
0.3: Consumable Credentials in Logic-Based Access Control - Bauer, Bowers, Pfenning.. (2006)
0.3: A Formal Semantics for SPKI - Howell, Kotz (2000)
Similar documents based on text:
0.3: Snowflake: Breaking The Administrative Boundary - Howell
0.2: The Snowflake Distributed System - Howell (1998)
0.2: Mobile Voice Over IP (MVOIP): An Application-level Protocol - Mills-Tettey (2001)
Related documents from co-citation:
13: SPKI Certificate Theory - Ellison, Frantz et al.
7: Authentication in distributed systems: Theory and practice - Lampson, Abadi et al. - 1992
7: Project aura: Toward distraction-free pervasive computing - Garlan, Siewiorek et al. - 2002
BibTeX entry:
Jon Howell and David Kotz, "End-to-end authorization," in Proceedings of the Fourth Symposium on Operating Systems Design and Implementation (OSDI http://citeseer.ist.psu.edu/howell00endtoend.html
@inproceedings{ howell:end-to-end,
author = "Jon Howell and David Kotz",
title = "End-to-end authorization",
booktitle = osdi2000,
pages = "151--164",
month = oct,
year = 2000,
publisher = usenix,
URL = "citeseer.ist.psu.edu/howell00endtoend.html",
URL = "http://www.usenix.org/publications/library/proceedings/osdi2000/howell.html",
keyword = "security, access control, naming, distributed
operating system, authorization, dfk",
group = "dfk, CMC",
category = "security",
vitatype = refConference,
acceptpercent = 22,
comment = "Based on the theory in howell:spki.",
abstract = { Many boundaries impede the flow of authorization
information, forcing applications that span those
boundaries into hop-by-hop approaches to
authorization. We present a unified approach to
authorization. Our approach allows applications that
span administrative, network, abstraction, and
protocol boundaries to understand the end-to-end
authority that justifies any given request. The
resulting distributed systems are more secure and
easier to audit. \par We describe boundaries that
can interfere with end-to-end authorization, and
outline our unified approach. We describe the system
we built and the applications we adapted to use our
unified authorization system, and measure its
costs. We conclude that our system is a practical
approach to the desirable goal of end-to-end
authorization. } }
Citations (may not include all citations):
423: End-to-end arguments in system design - Saltzer, Reed et al. - 1984
305: Decentralized trust management - Blaze, Feigenbaum et al. - 1996
253: Authentication in distributed systems: theory and practice - Lampson, Abadi et al. - 1992
171: Prudent engineering practice for cryptographic protocols - Abadi, Needham - 1996
162: A calculus for access control in distributed systems - Abadi, Burrows et al. - 1993
140: Experiences with the Amoeba distributed operating system - Tanenbaum, van Renesse et al. - 1990
132: SPKI certificate theory - Ellison, Frantz et al. - 1999
101: Authentication in the Taos operating system - Wobber, Abadi et al. - 1994
94: Security mechanisms in high-level network protocols - Voydock, Kent - 1983
92: Amoeba: A distributed operating system - Mullender, van Rossum et al. - 1990
92: Proxy-based authorization and accounting for distributed sys.. - Neuman - 1993
57: Proof-carrying authentication - Appel, Felten - 1999
46: HTTP authentication: Basic and digest access authentication - Franks, Hallam-Baker et al. - 1999
39: Microkernel operating system architecture and Mach - Black, Golub et al. - 1992
23: Cascaded authentication - Sollins - 1988
23: An analysis of the proxy problem in distributed systems - Varadharajan, Allen et al. - 1991
22: The KeyKOS nanokernel architecture - Bomberger, Frantz et al. - 1992
13: A Formal Semantics for SPKI - Howell, Kotz - 2000
11: A Java implementation of Simple Distributed Security Infrast.. - Morcos - 1998
7: Internet draft draft-ietf-spki-cert-structure - Ellison, Frantz et al. - 1998
6: Certificate discovery using SPKI/SDSI - Elien - 1998
5: Computing McGraw-Hill - Moss - 1998
5: Internet draft draft-rivest-sexp - Rivest - 1997
4: Naming and sharing resources across administrative boundarie.. - Howell - 2000
2: Internet draft draft-ylonen-sshprotocol - Ylonen, secure et al. - 1996
2: ACM Operating Systems Review - Shapiro, Smith et al. - 1999
The graph only includes citing articles where the year of publication is known.
Documents on the same site (http://www.cs.dartmouth.edu/~jonh/research/):
A Formal Semantics for SPKI - Howell, Kotz (2000)
Hey, You Got Your Compiler in My Operating System! - Mark, Montague (1999)
Straightforward Java Persistence Through Checkpointing - Howell (1999)