7th USENIX Security Symposium, San Antonio, Texas
The CRISIS Wide Area Security Architecture
Eshwar Belani and Amin Vahdat, University of California, Berkeley;
Thomas Anderson, University of Washington, Seattle;
Michael Dahlin, University of Texas, Austin
This paper presents the design and implementation of a new
authentication and access control system, called CRISIS. A goal of
CRISIS is to explore the systematic application of a number of design
principles to building highly secure systems, including: redundancy to
eliminate single points of attack, caching to improve performance and
availability over slow and unreliable wide area networks, fine-grained
capabilities and roles to enable lightweight control of privilege, and
complete local logging of all evidence used to make each access
Measurements of a prototype CRISIS-enabled wide area file system show
that in the common case CRISIS adds only marginal overhead relative to
unprotected wide area accesses.
- View the full text of this paper in
HTML form and
- If you need the latest Adobe Acrobat Reader, you can download it from Adobe's site.
- To become a USENIX Member, please see our Membership Information.