USENIX 2003 Annual Technical Conference, FREENIX Track Abstract
|Pp. 165-178 of the Proceedings|
Secure and Flexible Global File Sharing
Stefan Miltchev, University of Pennsylvania; Vassilis Prevelakis, Drexel University; Sotiris Ioannidis, University of Pennsylvania; John Ioannidis, AT&T Labs - Research; Angelos D. Keromytis, Columbia University; Jonathan M. Smith, University of Pennsylvania
Trust management credentials directly authorize actions, rather than divide the authorization task into authentication and access control. Unlike traditional credentials, which bind keys to principals, trust management credentials bind keys to the authorization to perform certain tasks.
The Distributed Credential FileSystem (DisCFS) uses trust management credentials to identify: (1) files being stored; (2) users; and (3) conditions under which their file access is allowed. Users share files by delegating access rights, issuing credentials in the style of traditional capabilities. Credentials permit, for example, access by remote users not known in advance to the file server, which simply enforces sharing policies rather than entangling itself in their management. Throughput and latency benchmarks of our prototype DisCFS implementation indicate performance roughly comparable to NFS version 2, while preserving the advantages of credentials for distributed control.
- View the full text of this paper in HTML or
Until June 2004, you will need your USENIX membership identification in order to access the full papers. The Proceedings are published as a collective work, © 2003 by the USENIX Association. All Rights Reserved. Rights to individual papers remain with the author or the author's employer. Permission is granted for the noncommercial reproduction of the complete work for educational or research purposes. USENIX acknowledges all trademarks within this paper.
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.