Computing systems have been under increasingly sophisticated attack over the Internet and by using dial-up access ports. One form of attack is eavesdropping on network connections to obtain login id's and passwords of legitimate users. This information is used at a later time to attack the system. We have developed a prototype software system, the S/KEY TM one-time password system, to counter this type of attack and have been using it experimentally for external access to a research computer complex at Bellcore. The S/KEY system has several advantages compared with other one-time or multi-use authentication systems. The user's secret password never crosses the network during login or when executing other commands requiring authentication such as the UNIX passwd (change password) or su (change privilege) commands. No secret information is stored anywhere, including on the host being protected, and the underlying algorithm may be made public. The remote end (client) of this system can...

Abstract not found

In recent years, scale has become a factor of increasing importance in the design of distributed systems. The scale of a system has three dimensions: numerical, geographical, and administrative. The numerical dimension consists of the number of users of the system, and the number of objects and services encompassed. The geographical dimension consists of the distance over which the system is scattered. The administrative dimension consists of the number of organizations that exert control over pieces of the system. The three dimensions of scale affect distributed systems in many ways. Among the affected components are naming, authentication, authorization, accounting, communication, the use of remote resources, and the mechanisms by which users view the system. Scale affects reliability: as a system scales numerically, the likelihood that some host will be down increases; as it scales geographically, the likelihood that all hosts can communicate will decrease. Scale also affects perfor...

{rameshch, nickolai, csapuntz,

Abstract not found

Abstract not found

Truffles is a system meant to address some of the major issues that still make it difficult to share files between users at different sites. In particular, it addresses the problems associated with secure file sharing, and the problems of high administrative overhead. Truffles will combine facilities of the Ficus file system and TIS/PEM, a privacy enhanced mail system, to make file sharing considerably easier. Truffles must deal with several important security problems, including secure transport of data, authentication of the users sharing files, handling of different administrative domains, and permitting system administrators to control, flexibly, yet easily, what sorts of sharing are done. This paper describes these problems and the solutions Truffles will use. INTRODUCTION Users who share a single machine, or who share a single administrative domain over a local area network, are able to share files with each other very easily. Users can share source code for programs they are d...

Execution profiles are important in analyzing the performance of computer programs on a given computer system. However, accurate and complete profiles are difficult to arrive at for programs that follow the client-server model of computing, as in the popular X Window System. In X Window applications, considerable computation is invoked at the display server and this computation is an important part of the overall execution pro le. The profiler presented in this paper generates meaningful profiles for X Window applications by estimating the time spent in servicing the messages in the display server. The central idea is to analyze a protocol-level trace of the interaction between the application and the display server and thereby construct an execution profile from the trace and a set of metrics about the target display server. Experience using the profiler for examining bottlenecks is presented.

The Truffles file system supports file sharing between arbitrary users at arbitrary sites connected by a network. Truffles is an interesting example of a service of the future that will automatically allow users to collaborate with other users anywhere in the world in ways not currently possible. These services, and Truffles in particular, have the potential of greatly increasing the workload of system administrators, if the services are not designed properly. This paper describes how Truffles approaches solving its problems without unduly burdening system administrators. INTRODUCTION As improvements in hardware and software make new services available, users naturally want to take advantage of them. Frequently, however, a new service means a new burden for system administrators. Beyond the inevitable costs of installing and maintaining the service, however, some services may require more frequent ongoing attention. In particular, a class of services of the future will make resources...

Computing systems have been under increasingly sophisticated attack over the Internet and by using dial-up access ports. One form of attack is eavesdropping on network connections to obtain login id’s and passwords of legitimate users. This information is used at a later time to attack the system. We have developed a prototype software system, the S/KEYTM one-time password system, to counter this type of attack and have been using it experimentally for external access to a research computer complex at Bellcore. The S/KEY system has several advantages compared with other one-time or multi-use authentication systems. The user’s secret password never crosses the network during login or when executing other commands requiring authentication such as the UNIX passwd (change password) or su (change privilege) commands. No secret information is stored anywhere, including on the host being protected, and the underlying algorithm may be made public. The remote end (client) of this system can run on any locally available computer and the host end (server) can be integrated into any application requiring authentication. The S/KEY authentication system has been in experimental use at Bellcore for two years. It is available by anonymous ftp on the Internet.