From: ahemavathy (ahemavathy_at_hotmail.com)
Date: Wed Jan 07 2004 - 16:59:14 PST
I found this paper very interesting and easy to read although long . The paper discusses the key security features of the multics system operating at MIT in 1973. The set of 5 design principles are impressive although simple as even current systems are built upon the same. The functional objectives such as decentralization and protected subsystems ( exceptions to general rules) are well thought objectives. I came to know Multics stands for Multiplexed Information and Computing Service only from the Internet.
The central fixture of Multics is an organized information storage system. The storage system is integrated with the memory access system so that programs access files by making memory references. Storage is organized as Segments. Each of the segments is associated with ACL ( access control list) which is a list of person names, project names and compartments in combination specifying individual and group access rights to a segment. In addition, there are 3 modes of access r,w and e - combinations of which can be assigned to an ACL entry.
The author discusses the pros and cons of any design adopted. He gives examples of why they chose a feature over another and supports their decision by exposing problems that other systems had faced. This especially made the paper interesting to read. I liked this statement. "The Multics ACL mechanism represents an engineering tradeoff among three conflicting goals : flexibility of expression, ease of understanding and use, and economy of implementation. These are the very same tradeoff decisions that shape security systems today.
Multics implements a hierarchical control of access specification. As far as "Authentication of user" the author's discussion on passwords is a bit disturbing. I was surprised that users are encouraged to obtain their passwords from a password generator program. Also he mentions the password file is "mildly" encrypted. But other than that time-outs, locking out a user due to repeated failed logins features are very good. I agree with the author on his philosophy that passwords would never be shared if we provide an environment in which there is never any need for anyone to know a password other than his own.
I couldn't clearly follow descriptors and how they take care of programs from influencing with one another. Finally the author mentions that multics comes at an acceptable price (performance being the trade off) It would have helped to know the amount of trade off.
This archive was generated by hypermail 2.1.6 : Wed Jan 07 2004 - 16:59:21 PST