From: Gail Rahn (gail_at_screaminggeek.com)
Date: Wed Jan 07 2004 - 16:22:39 PST
The Saltzer paper extends the progression of operating system complexity and
feature density by depicting MULTICS, a prototype operating system that
implements protection and information-sharing mechanisms. Where in THE we
saw no file protection, and in UNIX we saw a file system and basic access
control using six bits of permissions, in MULTICS we discover initial
cuts at access control lists, user authentication, file and directory
permissions, user-based permissions (in users and superusers),
In the Saltzer paper we see the beginnings of the security obsession. When
can a file be accessed? The authors were able to do significant analysis on
the practical, everyday operation of MULTICS because it was an actual
computing system in daily use at MIT. No doubt, this usage and testing
displayed many of the design limitations encountered and described by the
authors.
A fault in the Saltzer paper is the setting of physical storage limits as a
unit of access control. I'm not sure what happens when an attempt is made to
create or secure a file larger than the segment size. Are the ACLs copied?
And then subject to independent change?
trapping
A good
I am reading the Saltzer paper while wrapping up my own secure system design
(for something much smaller than an OS), and it's heartening to see
foundational principles in early action - principle of least privilege,
avoidance of design obfuscation and no caching of security...
-- Gail.
-------------
Gail Rahn
gail_at_screaminggeek.com
206.719.5563
Screaming Geek Software
www.screaminggeek.com
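The Multics ACL model the post refers to, as an added toy example that is not part of the original message and not Multics code. It assumes the paper's principal form Person.Project.Tag with '*' as a wildcard component, segment modes r/e/w, and the convention that the most specific matching entry decides (an entry with no modes is a "null" entry that explicitly denies). The segment names, principals and contents are constructed for the demonstration. It also shows the "no caching of security" point: every read re-consults the ACL, so a revoked entry takes effect on the next reference.

```python
"""Toy model of Multics-style access control lists on segments.

Added illustration only; assumptions (not taken from the post):
  - principals are Person.Project.Tag, '*' matches any component
  - segment modes are r (read), e (execute), w (write)
  - the most specific matching ACL entry decides; no match means no access
  - an entry with an empty mode set is a "null" entry that denies
"""
from dataclasses import dataclass, field

SEGMENT_MODES = frozenset("rew")


@dataclass(frozen=True)
class AclEntry:
    principal: str       # e.g. "Smith.Faculty.*"
    modes: frozenset     # subset of SEGMENT_MODES; empty = explicit deny

    def matches(self, who: str) -> bool:
        want, have = self.principal.split("."), who.split(".")
        if len(want) != 3 or len(have) != 3:
            raise ValueError("principal must have three components")
        return all(w == "*" or w == h for w, h in zip(want, have))

    def specificity(self) -> int:
        # Entries with fewer wildcards are consulted first.
        return sum(1 for c in self.principal.split(".") if c != "*")


@dataclass
class Segment:
    name: str
    acl: list = field(default_factory=list)   # each segment owns its own ACL
    contents: bytes = b""

    def add_entry(self, principal: str, modes: str) -> None:
        if not set(modes) <= SEGMENT_MODES:
            raise ValueError(f"bad modes {modes!r}")
        # One entry per principal: replace rather than duplicate.
        self.acl = [e for e in self.acl if e.principal != principal]
        self.acl.append(AclEntry(principal, frozenset(modes)))

    def remove_entry(self, principal: str) -> None:
        self.acl = [e for e in self.acl if e.principal != principal]

    def permitted_modes(self, who: str) -> frozenset:
        # Most specific matching entry wins; sort is stable, so ties keep
        # insertion order. No match at all means no access.
        for entry in sorted(self.acl, key=lambda e: -e.specificity()):
            if entry.matches(who):
                return entry.modes
        return frozenset()


def access(segment: Segment, who: str, mode: str) -> bool:
    return mode in segment.permitted_modes(who)


def read_segment(segment: Segment, who: str) -> bytes:
    # Complete mediation: the ACL is re-checked on every reference, nothing
    # is cached, so a revocation is visible on the very next call.
    if not access(segment, who, "r"):
        raise PermissionError(f"{who} may not read {segment.name}")
    return segment.contents


def run_demo() -> dict:
    seg = Segment("payroll", contents=b"constructed sample contents")
    seg.add_entry("*.Faculty.*", "r")         # any Faculty member may read
    seg.add_entry("Jones.Faculty.*", "")      # null entry: Jones is denied
    seg.add_entry("Smith.Faculty.*", "rw")    # Smith may also write

    results = {
        "smith_modes": seg.permitted_modes("Smith.Faculty.a"),
        "jones_modes": seg.permitted_modes("Jones.Faculty.a"),
        "brown_modes": seg.permitted_modes("Brown.Faculty.a"),
        "student_modes": seg.permitted_modes("Brown.Student.a"),
        "before_revoke": read_segment(seg, "Brown.Faculty.a"),
    }
    seg.remove_entry("*.Faculty.*")           # revoke the general entry
    try:
        read_segment(seg, "Brown.Faculty.a")
        results["after_revoke"] = "allowed"
    except PermissionError:
        results["after_revoke"] = "denied"
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The ordering rule is what makes the null entry for Jones override the wildcard Faculty entry; a first-match-in-insertion-order ACL would give a different answer depending on how the entries were added, which is exactly the kind of ambiguity a design wants to rule out.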
This archive was generated by hypermail 2.1.6 : Wed Jan 07 2004 - 16:22:47 PST