The CRISIS wide area security architecture
USENIX Security(1998)
摘要
This paper presents the design and implementation of a new authentication and access control system, called CRISIS. A goal of CRISIS is to explore the systematic application of a number of design principles to building highly secure systems, including: redundancy to eliminate single points of attack, caching to improve performance and availability over slow and unreliable wide area networks, fine-grained capabilities and roles to enable lightweight control of privilege, and complete local logging of all evidence used to make each access control decision. Measurements of a prototype CRISIS-enabled wide area file system show that in the common case CRISIS adds only marginal overhead relative to unprotected wide area accesses.
更多查看译文
关键词
secure system,design principle,crisis wide area security,unreliable wide area network,access control system,common case,lightweight control,unprotected wide area access,access control decision,wide area file system,fine-grained capability,security architecture
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络