Authentication in Distributed Systems: Theory and Practice

Butler Lampson, Martin Abadi, Michael Burrows, Edward Wobber, DEC SRC

One-line summary: A formal description of how to build an end-to-end-secure (e2es) OS, based on the notion of a "principal" (a requesting agent), the relation by which one principal can "speak for" another, a few varieties of "speaks for" that combine and limit authority in various ways, and formal proofs showing how to securely generate and "hand off" the different kinds of speaks-for relation among principals.
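
Added example (not from the paper or from this summary): a simplified model of the plain speaks-for relation with handoff and an ACL check. It leaves out the restricted varieties of speaks-for mentioned above, and the class name, method names and principal names are assumptions constructed for illustration.

```python
# Added illustration: plain "speaks for" with handoff. Principal names are constructed.

class SpeaksFor:
    def __init__(self, premises=()):
        # (a, b) means "a speaks for b"; premises are facts the verifier already trusts.
        self.edges = set(premises)

    def speaks_for(self, a, b):
        """a => b holds by reflexivity or by a chain of accepted edges (transitivity)."""
        seen, stack = set(), [a]
        while stack:
            p = stack.pop()
            if p == b:
                return True
            if p not in seen:
                seen.add(p)
                stack.extend(y for (x, y) in self.edges if x == p)
        return False

    def handoff(self, speaker, delegate, target):
        """Process 'speaker says (delegate => target)'.

        Accepted only when speaker already speaks for target: a principal can
        hand off its own authority, never someone else's.
        """
        if not self.speaks_for(speaker, target):
            return False
        self.edges.add((delegate, target))
        return True

    def authorize(self, requester, acl):
        """Grant if the requester speaks for some principal named on the ACL."""
        return any(self.speaks_for(requester, p) for p in acl)


def demo():
    # Premise: the verifier trusts that key K_alice speaks for user alice.
    s = SpeaksFor(premises={("K_alice", "alice")})
    acl = {"alice"}
    ok1 = s.handoff("K_alice", "workstation", "alice")    # key -> machine
    ok2 = s.handoff("workstation", "channel_7", "alice")  # machine -> channel
    bad = s.handoff("K_mallory", "channel_9", "alice")    # no authority to give
    return ok1, ok2, bad, s.authorize("channel_7", acl), s.authorize("channel_9", acl)


if __name__ == "__main__":
    print(demo())
```

The rejected handoff is the case that matters to a reference monitor: a statement granting authority is only as good as the speaker's own chain back to a principal on the ACL.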

Overview/Main Points

Concepts: Techniques:

Relevance

Formal discussion of how to build an OS that is end-to-end-secure, from booting through running programs in an untrusted infrastructure while allowing secure transfer of authority from user to hardware to program. Some contributions include:

Flaws

Rambling, not well written, and not tightly argued; it takes a lot of effort to get to the main points (which, though relevant, are not spelled out). Terminology is not consistent with earlier related papers (e.g. A Logic of Authentication).