Transparent mistrust: OS support for cryptography-in-the-large

M. Blaze
Published in: Proceedings of IEEE 4th Workshop on Workstation Operating Systems. WWOS-III, 1993-10-14
DOI: 10.1109/WWOS.1993.348165 (https://doi.org/10.1109/WWOS.1993.348165)
Citations: 4

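Abstract

This position paper advocates the development of new mechanisms to support cooperative computing requiring less than complete trust. Traditional OS security mechanisms have assumed a monolithic or hierarchical model for controlling and arbitrating access to local resources. Operating systems authenticate users as they log in and enforce controlled access to files, devices and memory. Distributed systems change the picture somewhat, with less-trusted clients obtaining some resources from centralized servers, but typically retain some notion of central authority within a framework of global trust and control. Boundaries of trust are going to become increasingly important to future workstation operating systems. Cryptographic algorithms and protocols can protect these boundaries, but the interfaces to them need some attention first. Our experiences, which are admittedly within the research environment, lead us to believe that cryptographic protection can be quite practical across a variety of layers of the system; importantly, no one layer emerges as a decisive winner as to where this protection best belongs. (The application layer, however, does appear to be the clear loser.)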