Dan M. Nessett

Layering central authentication on existing distributed system terminal services

An approach to the secure logon problem in distributed systems managed by a single authority is considered in which central authentication is layered onto existing terminal services. This approach suggests itself when a large installed base of computer systems that do not support central authentication already exists. Work to assess the feasibility of this approach was carried out. The results demonstrate that layering can be used in certain circumstances to provide central authentication services, although, as a result, the concomitant maintenance costs may increase. It was also determined that terminal service features are necessary so that central authentication is easily layered over existing terminal services. Recommendations are made concerning how to structure terminal services in a distributed system to support an integrated central authentication service.<<ETX>>

Factors Affecting Distributed System Security

Recent work examining distributed system security requirements. is critiqued. A notion of trust based on distributed system topology and distributed system node evaluation levels proposed in that work is shown to be deficient. The notion fails to make allowances for the distributed system physical security environment, security factors related to the management of distributed systems by more than one jurisdictive authority, and the interactions that can occur between nodes supporting different mandatory and discretionary security mechanisms.

Commercially viable active networking

Active Networking is a new technology receiving significant attention from the research community. To this point, however, it has not been examined from the perspective of commercial viability. This paper presents an analysis of active networking issues with a view to its possible uses in a commercial environment. It then describes a prototype system built to address these issues.

Logon in distributed systems

The problem of logon in distributed systems is discussed. The use of central authentication to solve this problem is described and justified. A layering technique that allows the addition of central authentication to vendor-supplied operating systems is presented, and experience with this technique is described.<<ETX>>

Identifier protection in a distributed operating system

Donnelley and Fletcher recently presented a scheme to protect capabilities in a distributed operating system.1 This scheme uses public-key encryption to ensure that capabilities cannot be stolen in a form useful to the thief nor forged by an unauthorized process or user. Unfortunately, security and efficiency considerations make currently available public-key encryption techniques unattractive.

Terminal services in heterogeneous distributed systems

Abstract This paper examines the requirements and design issues of terminal services in heterogeneous distributed systems and then discusses the architecture of and implementation experience with a prototype terminal services system. To begin, we briefly discuss heterogenous distributed systems and describe why they are important. We then develop requirements for terminal services within these systems. Three general areas of concern are used to categorize the requirements: (1) flexibility, (2) protocol interfaces, and (3) security. With respect to flexibility, we argue that users should be able to logon to a host in a wide variety of situations, not just those that are most common. To allow interaction between systems supporting different protocol families, protocol interfaces that translate terminal services supported by one family into those supported by others are necessary. Finally, we discuss at length the distributed system logon problem and analyze previous work related to its solution. To accommodate heterogeneity while collaterally meeting terminal service requirements, we introduce the notion of administrative domains. They are parts of the distributed system that are homogeneous with respect to a set of appropriate attributes. Gateways provide the necessary mechanisms that allow administrative domains to interact with one another. We describe the interface issues that affect gateway structure related to communication protocols and to logon. From our implementation experience, we discuss performance and architectural issues and summarize our experience by pointing out major contributions of our research.

Vectorized presentation-level services for scientific distributed applications

The use of heterogeneous distributed systems is a promising approach to significantly increase computational performance of scientific applications. However, one key to this strategy is to minimize the percentage of time spent by an application moving data between machines. This percentage is composed of two parts: 1) the time to translate data between the formats used on different machines, and 2) the time to move data over the network that interconnects the machines. Previous work suggests that data format conversion activity, generally known as presentation-level services, is by far the more costly of the two.In this paper we describe how vectorization can be used to improve presentation-level performance in scientific applications by one or two orders of magnitude over the conventional approach. While others have recognized the advantages of vectorized data format conversion, we describe how to automate this process so that an application programmer need not explicitly call vectorization routines. We explore the impact of presentation-level vectorization on software portability, programming efficiency and protocol standards. We compare our performance results with those of two other popular distributed scientific application programming tools and then summarize the lessons we have learned during the course of our research.

ISOC symposium on network and distributed systems security

On February 3-4, 1994, the Internet Society held its first Symposium on Network and Distributed System Security in San Diego, California . The Symposium was a follow-on to the PSRG Workshop held in February, 1993 . Attracting 23 4 participants, the Symposium provided the opportunity for researchers, practitioners and users to hear of new work an d to discuss current trends, proposals and practice . The Symposium program consisted of 8 single-track sessions, 3 o f which were panels and the remaining 5 of which were paper presentations .

Interactive terminal services in a heterogeneous distributed system

The provision of interactive terminal services (hereafter simply called interactive services) in a distributed system requires the definition and use of protocols (spedfically, logon and terminal protocols) supporting remote terminal interaction. In the case of a homogeneous distrbuted system each constituent host providing or using distributed system interactive services implements a common set of interactive service protocols. A heterogeneous distributed system, on the other hand, is characteri~ by hosts and constituent distrbuted systems that implement different interactive service protocols. This introduces the problem of interfacing these protocols so that interactive services may be provided within the distributed system as a whole.