May 19, 2003
4 - 5 PM
2310 CS
|
David Presotto (web)
Computer Sciences Research Center (web)
Bell Labs (web)
Security in Plan 9
The security architecture of the Plan
9 operating system has recently been
redesigned to address some technical
shortcomings. This redesign provided
an opportunity also to make the system
more convenient to use securely. Plan
9 has thus improved in two ways not
usually seen together: it has become
more secure and easier to use.
The central component of the new
architecture is a per-user
self-contained agent called factotum.
Factotum securely holds a copy of the
user's keys and negotiates
authentication protocols, on behalf of
the user, with secure services around
the network. Concentrating security
code in a single program offers
several advantages including: ease of
update or repair to broken security
software and protocols; the ability to
run secure services at a lower
privilege level; uniform management of
keys for all services; and an
opportunity to provide single sign on,
even to unchanged legacy applications.
Cookies: 3:30 PM, 2310 CS
|