Michael D. Schroeder

Learn More
Use of encryption to achieve authenticated communication in computer networks is discussed. Example protocols are presented for the establishment of authenticated connections, for the management of authenticated mail, and for signature verification and document integrity guarantee. Both conventional and public-key encryption algorithms are considered as the(More)
This tutorial paper explores the mechanics of protecting computer-stored information from unauthorized use or modification. It concentrates on those architectural structures--whether hardware or software--that are necessary to support information protection. The paper develops in three main sections. Section I describes desired functions, design principles,(More)
Autonet is a self-configuring local area network composed of switches interconnected by 100 Mbit/second, full-duplex, point-to-point links. The switches contain 12 ports that are internally connected by a full crossbar. Switches use cut-through to achieve a packet forwarding latency as low as 2 microseconds per switch. Any switch port can be cabled to any(More)
Grapevine is a multicomputer system on the Xerox research internet. It provides facilities for the delivery of digital messages such as computer mail; for naming people, machines, and services; for authenticating people and machines; and for locating services on the internet. This paper has two goals: to describe the system itself and to serve as a case(More)
In a paper published in 1978 (Needham & Schroeder) we presented protocols for the use of encryption for authentication in large networks of computers. Subsequently the protocols were criticised (Denning and Sacco) on the grounds that compromise' of a session key and copying of an authenticator would enable an enemy to pretend indefinitely to be the(More)
Current ber optic networks e ectively provide local connectivity among end user computing devices, and can serve as backbone fabric between LAN subnets across campus and metropolitan areas. However, combining both stream service (in which ATM excels) and low latency datagram service (in which cluster networks like Myrinet and POLO excel) has been di cult to(More)
Grapevine is a distributed, replicated system that provides message delivery, naming, authentication, resource location, and access control services in an internet of computers. The system, described in a previous paper [1], was designed and implemented several years ago. We now have had operational experience with the system under substantial load. This(More)
Protection of computations and information is an important aspect of a computer utility. In a system which uses segmentation as a memory addressing scheme, protection can be achieved in part by associating concentric rings of decreasing access privilege with a computation. This paper describes hardware processor mechanisms for implementing these rings of(More)