Abstract In an open network computing environment, a wor- into the rest of the Athena environment. We also describe the kstation cannot be trusted to identify its users correctly to interaction of different Kerberos authentication domains, or network services. Kerberos provides an alternative approach realms; in our case, the relation between the Project Athena whereby a trusted third-party authentication service is used to Kerberos and the Kerberos running at MIT’s Laboratory for verify users ’ identities. This paper gives an overview of the Computer Science. Kerberos authentication model as implemented for MIT’s Proj- In Section 8, we mention open issues and problems as yet ect Athena. It describes the protocols used by clients, servers, unsolved. The last section gives the current status of Kerberos and Kerberos to achieve authentication. It also describes the at Project Athena. In the appendix, we describe in detail how management and replication of the database required. The views Kerberos is applied to a network file service to authenticate of Kerberos as seen by the user, programmer, and administrator are described. Finally, the role of Kerberos in the larger Athena users who wish to gain access to remote file systems. picture is given, along with a list of applications that presently use Kerberos for user authentication. We describe the addition 2 CONVENTIONS of Kerberos authentication to the Sun Network File System as a case study for integrating Kerberos with an existing application. Throughout this paper we use terms that may be ambiguous, new to the reader, or used differently elsewhere. Below we state our use of those terms. 1

The X Window System, Version 11, is the standard window system on Linux and UNIX systems. X11, designed in 1987, was “state of the art ” at that time. From its inception, X has been a network transparent window system in which X client applications can run on any machine in a network using an X server running on any display. While there have been some significant extensions to X over its history (e.g. OpenGL support), X’s design lay fallow over much of the 1990’s. With the increasing interest in open source systems, it was no longer sufficient for modern applications and a significant overhaul is now well underway. This paper describes revisions to the architecture of the window system used in a growing fraction of desktops and embedded systems 1

The views and conclusions in this document are those of the authors and do not necessarily represent the official policies or endorsements of any of the research sponsors. How do we build distributed systems that are secure? Cryptographic techniques can be used to secure the communications between physically separated systems, but this is not enough: we must be able to guarantee the privacy of the cryptographic keys and the integrity of the cryptographic functions, in addition to the integrity of the security kernel and access control databases we have on the machines. Physical security is a central assumption upon which secure distributed systems are built; without this foundation even the best cryptosystem or the most secure kernel will crumble. In this thesis, I address the distributed security problem by proposing the addition of a small, physically secure hardware module, a secure coprocessor, to standard workstations and PCs. My central axiom is that secure coprocessors are able to maintain the privacy of the data they process. This thesis attacks the distributed security problem from multiple sides. First, I analyze the security properties of existing system components, both at the hardware and

The Dyad project at Carnegie Mellon University is using physically secure coprocessors to achieve new protocols and systems addressing a number of perplexing security problems. These coprocessors can be produced as boards or integrated circuit chips and can be directly inserted in standard workstations or PC-style computers. This paper presents a set of security problems and easily implementable solutions that exploit the power of physically secure coprocessors: (1) protecting the integrity of publicly accessible workstations, (2) tamper-proof accounting/audit trails, (3) copy protection, and (4) electronic currency without centralized servers. We outline the architectural requirements for the use of secure coprocessors. 1 Introduction and Motivation The Dyad project at Carnegie Mellon University is using physically secure coprocessors to achieve new protocols and systems addressing a number of perplexing security problems. These coprocessors can be produced as boards or integrated ...

A metasystem is a single computing resource composed of a heterogeneous group of autonomous computers linked together by a network. The interconnection network needed to construct large metasystems will soon be in place. To fully exploit these new systems, software that is easy to use, supports large degrees of parallelism, and hides the complexity of the underlying physical architecture must be developed. In this paper we describe our metasystem vision, our approach to constructing a metasystem testbed, and early experimental results. Our approach combines features from earlier work on both parallel processing systems and heterogeneous distributed computing systems. Using the testbed we have found that data coercion costs are not a serious obstacle to high performance, but that load imbalance induced by differing processor capabilities can limit performance. We then present a mechanism to overcome load imbalance that utilizes user-provided callbacks.

A number of efforts in heterogeneous computing involve the development of basic architecture independent communication primitives. We present a new programming paradigm, called ActorSpace, which provides a new communication model based on destination patterns. An actorspace is a computationally passive container of actors which acts as a context for matching patterns. Patterns are matched against listed attributes of actors and actorspaces that are visible in the actorspace. Both visibility and attributes are dynamic. Messages may be sent to one or all members of a group defined by a pattern. The paradigm provides powerful support for component-based construction of heterogeneous scalable distributed applications. In particular, it supports open interfaces to servers and pattern-directed access to software repositories. 1 Introduction Heterogeneous systems are an integral part of computing today. Our approach to heterogeneity is to provide an abstraction layer on top of different arc...

Abstract Network-based learning is now such an important area that it would seem timely to examine progress to date and to draw conclusions regarding the direction of further research. This paper is the result of a survey of computer systems for distributed and distance learning, focusing on projects that help to illustrate the evolution of this important field. An examination such as this is important in its own right as a resource for other researchers wishing to pursue the subject further, but the survey also helps to highlight some of the major trends of past projects and to suggest some of the ways in which progress may be made in the future.

As computers and computer networks become commonplace, electronic communication is rising in importance and utility. The challenge is to take a large, distributed computing environment and build a system which allows its users to communicate effectively and efficiently with each other. This paper compares and contrasts several common types of electronic communication, focusing on electronic conferencing. We describe the implementation of such a system, Discuss, for the computing environment found at MIT. Issues covered include the basic model of an electronic meeting, the currently implemented user interfaces, separation of user interface from underlying operations, splitting the workload between client and server, communications issues created by the heterogeneous environment, authentication and authorization, notification, and unification of the numerous subordinate UNIX 3 libraries into a coherent whole. The paper next summarizes the Discuss system's current usage, then...

Helping users learn the intricacies of UNIX, particularly in a custom environment, is always a challenge. Helping thousands of users in an environment that is distributed both geographically and computationally is especially difficult. Project Athena has developed an "On-Line Consulting" system (OLC) that enables users to ask questions of consultants located "somewhere on the network." OLC allows a staff on the order of twenty students to handle the questions and problems of over 8000 users on a network of more than 900 workstations. This paper describes the motives and design goals for OLC, its implementation, and some of the results of its three years of operation. 1. Background on Project Athena Project Athena was originally conceived as a five-year experiment in the uses of computers in undergraduate education at the Massachusetts Institute of Technology. With support from Digital Equipment Corporation and International Business Machines Corp., M.I.T. embarked on the construction ...

This paper describes the mechanisms employed to control access to system services on the IFS project. We base our distributed computing environment on systems that we trust, and run those systems in physically secure rooms. From that base, we add services, modifying them to interoperate with existing access control mechanisms. Some weaknesses remain in our environment; we conclude with a description of present vulnerabilities and future plans.