TL;DR: It is demonstrated that the amount of protected, privileged code related to process initiation in a computer utility can be greatly reduced by making process creation unprivileged.
Abstract: This thesis demonstrates that the amount of protected, privileged code related to process initiation in a computer utility can be greatly reduced by making process creation unprivileged. The creation of processes can be controlled by the standard mechanism for controlling entry to a domain, which forces a new process to begin execution at a controlled location. Login of users can thus be accomplished by an unprivileged creation of a process in the potential user's domain, followed by authentication of the user by an unprivileged initial procedure in that domain. The thesis divides the security constraints provided by a computer utility into three classes: access control, prevention of unauthorized denial of service, and confinement. We develop a model that divides process initiation into the functions of process changing, resource control, authentication, and environment initialization. We show which classes of security constraints depend on each of these functions and show how to implement the functions such that these are the only dependencies present. The thesis discusses an implementation of process initiation for the Multics computer utility based on the model. The major problems encountered in this implementation are presented and discussed. We show that this implementation is substantially simpler and more flexible than that used in the current Multics system.
TL;DR: The techniques that apply and, in particular, those that provide for better security, are more readily implemented in a system with common channel signaling where signaling speeds are considerably faster than those that are used in present-day practice.
Abstract: Various levels of protection from unauthorized use of a mobile-telephone service can be provided where the exchange for the service is under stored-program control. The security techniques that provide this protection can be upgraded on a per-subscriber or per-system basis as the incidence of unauthorized use increases. The "ultimate" arrangement provides for the encryption of variable passwords. Proper protection of auxiliary storage devices precludes compromise of the cipher keys assigned to individual mobile units. The techniques that apply, and in particular those that provide for better security, are more readily implemented in a system with common channel signaling, where signaling speeds are considerably faster than those used in present-day practice.