Frederick C. Knabe

Wide area computing: resource sharing on a large scale

Consider almost any computing resource today-whether hardware, software, or data-and it will invariably be networked. Computing over wide area networks has been largely ad hoc, but as needs increase, piecemeal solutions no longer make sense. The authors set out to design and build a wide-area operating system that would allow multiple organizations with diverse platforms to share and combine their resources. This system, Legion, is a network-level operating system designed from scratch to target wide-area computing demands.

A Flexible Security System for Metacomputing Environments

A metacomputing environment is a collection of geographically distributed resources (people, computers, devices, databases) connected by one or more high-speed networks and potentially spanning multiple administrative domains. Security is an essential part of metasystem design -- high-level resources and services defined by the metacomputer must be protected from one another and from possibly corrupted underlying resources, while those underlying resources must minimize their vulnerability to attacks from the metacomputer level. We present the Legion security architecture, a flexible, adaptable framework for solving the metacomputing security problem. We demonstrate that this framework is flexible enough to implement a wide range of security mechanisms and high-level policies.

A new model of security for metasystems

Abstract With the rapid growth of high-speed networking and microprocessing power, metasystems have become increasingly popular. The need for protection and security in such environments has never been greater. However, the conventional approach to security, that of enforcing a single system-wide policy, will not work for the large-scale distributed systems we envision. Our new model shifts the emphasis from ‘system as enforcer’ to user-definable policies, making users responsible for the security of their objects. This security model has been implemented as part of the Legion project. Legion is an object-oriented metacomputing system, with strong support for autonomy. This includes support for per-object, user-defined policies in many areas, including resource management and security. This paper briefly describes the Legion system, presents our security model, and discusses the realization of that model in Legion.