- ...Architecture
- This work
was supported in part by the Defense Advanced Research Projects Agency
(N00600-93-C-2481, F30602-95-C-0014), the National Science Foundation
(CDA 9401156), Sun Microsystems, California MICRO, Novell, Hewlett
Packard, Intel, Microsoft, and Mitsubishi. Anderson was supported by
a National Science Foundation Presidential Faculty Fellowship. For more
information, please see https://now.cs.berkeley.edu/WebOS, or
send email to vahdat@cs.berkeley.edu.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...Belani
- Computer Science Division, University of
California, Berkeley
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...Vahdat
-
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...Anderson
- Department of Computer Science and
Engineering, University of Washington, Seattle
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...Dahlin
- Computer Science Department, University of
Texas, Austin
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...role)
- Even if a smart card is used for
authentication, it may still be desirable to require joint endorsement
of a login session from both the target login machine and the user's
home domain. Thus, if remote login is locally authorized, the home
domain may disallow the login as a matter of policy. For example,
login to a competitor's machine may be disallowed to prevent spoofing
attacks.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
- ...follows
- We present one simple scheme; other
zero-knowledge algorithms such as Fiat-Shamir [Fiat & Shamir 1987] could also
be utilized.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
