Authentication Mechanisms in Microprocessor-Based Local Area Networks

The problem of authenticating the users of a computer network in order to protect the shared resources against unauthorized use is discussed. Since intruders could enter the network and try to use services they have no right to access, the host implementing the service (or server) has to check the user's identity and access rights by searching in the relevant database. The author presents a method of carrying out such checks efficiently. The basic idea is that a suitable interface process is associated with each user-server connection in order to filter out unauthorized requests, thus implementing a sort of cache with parallel search where the working set of the whole database is stored and explored. The use of the interface process enables the system to exploit the hardware support for capability checking provided by new microprocessors. In particular, an implementation using iAPX432-based hosts is illustrated and performance issues are discussed