NASA Logo

NTRS

NTRS - NASA Technical Reports Server

Back to Results
UNIX security in a supercomputing environmentThe author critiques some security mechanisms in most versions of the Unix operating system and suggests more effective tools that either have working prototypes or have been implemented, for example in secure Unix systems. Although no computer (not even a secure one) is impenetrable, breaking into systems with these alternate mechanisms will cost more, require more skill, and be more easily detected than penetrations of systems without these mechanisms. The mechanisms described fall into four classes (with considerable overlap). User authentication at the local host affirms the identity of the person using the computer. The principle of least privilege dictates that properly authenticated users should have rights precisely sufficient to perform their tasks, and system administration functions should be compartmentalized; to this end, access control lists or capabilities should either replace or augment the default Unix protection system, and mandatory access controls implementing multilevel security models and integrity mechanisms should be available. Since most users access supercomputing environments using networks, the third class of mechanisms augments authentication (where feasible). As no security is perfect, the fourth class of mechanism logs events that may indicate possible security violations; this will allow the reconstruction of a successful penetration (if discovered), or possibly the detection of an attempted penetration.
Document ID
19900047379
Acquisition Source
Legacy CDMS
Document Type
Conference Paper
Authors
Bishop, Matt
(Dartmouth College Hanover, NH, United States)
Date Acquired
August 14, 2013
Publication Date
January 1, 1989
Subject Category
Computer Programming And Software
Meeting Information
Meeting: Supercomputing ''89
Location: Reno, NV
Country: United States
Start Date: November 13, 1989
End Date: November 17, 1989
Accession Number
90A34434
Funding Number(s)
CONTRACT_GRANT: NAG2-480
Distribution Limits
Public
Copyright
Other

Available Downloads

There are no available downloads for this record.
No Preview Available