The Digital Distributed System Security Architecture

Morrie Gasser, Andy Goldstein, Charlie Kaufman, and Butler Lampson


Citation: M. Gasser, A. Goldstein, C. Kaufman, and B. Lampson. The Digital distributed system security architecture. Proc. 12th National Computer Security Conf., NIST/NCSC, Baltimore, 1989, pp 305-319.

Links: Abstract, Word, Web page, Acrobat, Postscript as published, Acrobat as published.

Email: This paper is at



The Digital Distributed System Security Architecture is a comprehensive specification for security in a distributed system that employs state-of-the-art concepts to address the needs of both commercial and government environments. The architecture covers user and system authentication, mandatory and discretionary security, secure initialization and loading, and delegation in a general-purpose computing environment of heterogeneous systems where there are no central authorities, no global trust, and no central controls. The architecture prescribes a framework for all applications and operating systems currently available or to be developed. Because the distributed system is an open OSI environment, where functional interoperability only requires compliance with selected protocols needed by a given application, the architecture must be designed to securely support systems that do not implement or use any of the security services, while providing extensive additional security capabilities for those systems that choose to implement the architecture.