Protection: principles and practice

The protection mechanisms of computer systems control the access to objects, especially information objects. The range of responsibilities of these mechanisms includes at one extreme completely isolating executing programs from each other, and at the other extreme permitting complete cooperation and shared access among executing programs. Within this range one can identify at least seven levels at which protection mechanisms can be conceived as being required, each level being more difficult than its predecessor to implement:

1. No sharing at all (complete isolation).
2. Sharing copies of programs or data files.
3. Sharing originals of programs or data files.
4. Sharing programming systems or subsystems.
5. Permitting the cooperation of mutually suspicious subsystems---e.g., as with debugging or proprietary subsystems.
6. Providing "memoryless" subsystems---i.e., systems which, having performed their tasks, are guaranteed to have kept no secret record of the task performed (an income-tax computing service, for example, must be allowed to keep billing information on its use by customers but not to store information secretly on customers' incomes).
7. Providing "certified" subsystems---i.e., those whose correctness has been completely validated and is guaranteed a priori.