From: Slavik Krassovsky (viatk_at_windows.microsoft.com)
Date: Wed Jan 07 2004 - 17:15:30 PST
In this paper dated 1974 the author provides in-depth look into
design and implementation of the security features of the Multics
system. Features like access control lists, user's authentication and
authorization, and memory protection are discussed.
I found the paper complex and it was hard for me to comprehend all the
details; however I can see that there are many ideas for it are quite
influential.
Design principals section is excellent, it lays out a solid foundation
for secure software.
The idea of <user>.<project>.<compartment> triple in access control
lists seems to be too much inflexible, yet complex to me - I would favor
more the simplicity of UNIX or flexibility and richness of Windows 2000.
I was pleasantly surprised to see the weaknesses section in that paper
- now I believe all the security papers should have one (see principal 3
- the design should not be a secret).
This archive was generated by hypermail 2.1.6 : Wed Jan 07 2004 - 17:15:52 PST