Authentication Mechanisms in Microprocessor-Based Local Area Networks
May 1989 (vol. 15 no. 5)
pp. 654-658

The problem of authenticating the users of a computer network in order to protect the shared resources against unauthorized use is discussed. Since intruders could enter the network and try to use services they have no right to access, the host implementing the service (or server) has to check the user's identity and access rights by searching in the relevant database. The author presents a method of carrying out such checks efficiently. The basic idea is that a suitable interface process is associated with each user-server connection in order to filter out unauthorized requests, thus implementing a sort of cache with parallel search where the working set of the whole database is stored and explored. The use of the interface process enables the system to exploit the hardware support for capability checking provided by new microprocessors. In particular, an implementation using iAPX432-based hosts is illustrated and performance issues are discussed.

Index Terms:
authentication mechanisms; microprocessor-based local area networks; protect; shared resources; unauthorized use; intruders; service; server; check; identity; access rights; searching; database; interface process; user-server connection; unauthorized requests; cache; parallel search; hardware support; capability checking; iAPX432-based hosts; performance issues; local area networks; security of data
L. Ciminiera, A. Valenzano, "Authentication Mechanisms in Microprocessor-Based Local Area Networks," IEEE Transactions on Software Engineering, vol. 15, no. 5, pp. 654-658, May 1989, doi:10.1109/32.24716