Security in Plan 9

The security architecture of the Plan 9" operating system has recently been redesigned to address some technical shortcomings. This redesign provided an opportunity also to make the system more conve­ nient to use securely. Plan 9 has thus improved in two ways not usually seen together: it has become more secure and easier to use. The central component of the new architecture is a per-user selfcontained agent called factotum. Factotum securely holds a copy of the user s keys and negotiates authentication protocols, on behalf of the user, with secure services around the network. Concentrating security code in a single program offers several advantages including: ease of update or repair to broken security software and protocols; the ability to run secure services at a lower privilege level; uniform management of keys for all services; and an opportunity to provide single sign on, even to unchanged legacy applications. Factotum has an unusual architec­ ture: it is implemented as a Plan 9 file server.