Check out the new USENIX Web site.

Home About USENIX Events Membership Publications Students
USENIX 2003 Annual Technical Conference, FREENIX Track — Paper    [USENIX Annual Conference '03 Tech Program Index]

Pp. 165-178 of the Proceedings
next up previous
Next: Introduction

Secure and Flexible Global File Sharing

Stefan Miltchev Vassilis Prevelakis Sotiris Ioannidis    
University of Pennsylvania Drexel University University of Pennsylvania    
John Ioannidis Angelos D. Keromytis Jonathan M. Smith    
AT&T Labs - Research Columbia University University of Pennsylvania    


Trust management credentials directly authorize actions, rather than divide the authorization task into authentication and access control. Unlike traditional credentials, which bind keys to principals, trust management credentials bind keys to the authorization to perform certain tasks.

The Distributed Credential FileSystem (DisCFS) uses trust management credentials to identify: (1) files being stored; (2) users; and (3) conditions under which their file access is allowed. Users share files by delegating access rights, issuing credentials in the style of traditional capabilities. Credentials permit, for example, access by remote users not known in advance to the file server, which simply enforces sharing policies rather than entangling itself in their management. Throughput and latency benchmarks of our prototype DisCFS implementation indicate performance roughly comparable to NFS version 2, while preserving the advantages of credentials for distributed control.

Keywords: Filesystems, access control, trust management, credentials.

next up previous
Next: Introduction
Stefan Miltchev

This paper was originally published in the Proceedings of the USENIX Annual Technical Conference (FREENIX Track), June 9 – 14, 2003, San Antonio, TX, USA
Last changed: 3 Jun 2003 aw
Technical Program
USENIX 2003 Annual Technical Conference Home