A Model for Data Secure Systems. Part III. A Deadlock Based Protection Mechanism

Abstract : A theory of deadlock and its application to computer security is presented. The use of a real process to achieve security deadlocks in a protection mechanism is analyzed and found to be too restrictive. An alternative approach which uses pseudo processes is proposed. Security deadlocks are resulted from real process requests for denied access and from incipient deadlock situations created by the pseudo processes. A queue structure is used as the basic component of the deadlocking mechanism. A set of five basic functions, which manipulate the queues are described. Using only these five functions, deadlock security can be maintained in the queue structure. Furthermore, an example of deadlock security being incorporated into an existing system is described. Finally, additional benefits in using a deadlock-based mechanism such as dynamic auditing and charging security overhead only to violators are motivated.