Information security is important in proportion to an organization's dependence on information technology. When an organization's information is exposed to risk, the use of information security technology is obviously appropriate. Current information security technology, however, deals with only a small fraction of the problem of information risk. In fact,… (More)
Mobile code is an exciting new technology. By its very nature, however, it is fraught with inherent security risks. In the paper, we give an overview of some of the techniques for securing mobile code environments that have been suggested and deployed. We examine the sandbox approach, code signing, hybrid approaches, rewalling techniques and proof carrying… (More)
Maintaining, managing, and supporting an unbounded number of distributed network services on multiple server instances requires new solutions. Moira, the Athena Service Management System provides centralized control of data administration, a protocol for interface to the database, tools for accessing and modifying the database, and an automated mechanism… (More)
We show that the Kerberos Authentica-tion System can relax its requirement for synchronized clocks, with only a minor change which is consistent with the current protocol. Synchronization has been an important limitation of Kerberos; it imposes political costs and technical ones. Further, Kerberos' reliance on synchronization obstructs the secure… (More)
Security people are never in charge unless an acute embarrassment has occurred. Otherwise, their advice is tempered by “economic reality,” which is to say that security is a means, not an end. This is as it should be. Since means are about tradeoffs, security is about trade-offs, but you knew all that.