{"title":"Transparent mistrust: OS support for cryptography-in-the-large","authors":"M. Blaze","doi":"10.1109/WWOS.1993.348165","DOIUrl":null,"url":null,"abstract":"This position paper advocates the development of new mechanisms to support cooperative computing requiring less than complete trust. Traditional OS security mechanisms have assumed a monolithic or hierarchical model for controlling and arbitrating access to local resources. Operating systems authenticate users as they log in and enforce controlled access to files, devices and memory. Distributed systems change the picture somewhat, with less-trusted clients obtaining some resources from centralized servers, but typically retain some notion of central authority within a framework of global trust and control. Boundaries of trust are going to become increasingly important to future workstation operating systems. Cryptographic algorithms and protocols can protect these boundaries, but the interfaces to them need some attention first. Our experiences, which are admittedly within the research environment, lead us to believe that cryptographic protection can be quite practical across a variety of layers of the system; importantly, no one layer emerges as a decisive winner as to where this protection best belongs. (The application layer, however, does appear to be the clear loser.).<<ETX>>","PeriodicalId":345070,"journal":{"name":"Proceedings of IEEE 4th Workshop on Workstation Operating Systems. WWOS-III","volume":"22 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1993-10-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"4","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of IEEE 4th Workshop on Workstation Operating Systems. 
WWOS-III","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/WWOS.1993.348165","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 4
Abstract
This position paper advocates the development of new mechanisms to support cooperative computing requiring less than complete trust. Traditional OS security mechanisms have assumed a monolithic or hierarchical model for controlling and arbitrating access to local resources. Operating systems authenticate users as they log in and enforce controlled access to files, devices and memory. Distributed systems change the picture somewhat, with less-trusted clients obtaining some resources from centralized servers, but typically retain some notion of central authority within a framework of global trust and control. Boundaries of trust are going to become increasingly important to future workstation operating systems. Cryptographic algorithms and protocols can protect these boundaries, but the interfaces to them need some attention first. Our experiences, which are admittedly within the research environment, lead us to believe that cryptographic protection can be quite practical across a variety of layers of the system; importantly, no one layer emerges as a decisive winner as to where this protection best belongs. (The application layer, however, does appear to be the clear loser.)