From: Joanna Muench (joannam_at_spro.net)
Date: Wed Jan 07 2004 - 17:54:23 PST
This paper presents an exhaustive description of the design mechanisms
to control information sharing in Multics. The paper roots its
discussion with an explanation of the five foundation design principles
used in the development of Multics. These principles, combined with a
clearly stated objective, make this an extremely rewarding and demanding
paper to read.
The primary mechanism for protection is the storage system, organized by
segments. These segments are associated by an access control list which
governs who can access the segment and the mode of access. The paper
also discusses how the access control list inherits from its directory
location, some of the dilemmas of user authentication and how the
access control list is extended into primary memory protection. It
concludes with a detailed list of weaknesses of the system, noting that
most are fixable and none are immediately exploitable. Not bad for an
operating system!
The paper did an excellent job of describing design dead-ends such as
links with assigned privileges, "trap" extensions and a common access
control list mechanism. In each case the authors explained how these
features were not included due to unacceptable engineering tradeoffs,
based on their fundamental choice of design principles. This gave the
reader additional insight into some of the problems confronting systems
design.
The discussion on security issues was especially thought-provoking.
User-chosen passwords have clearly been an administrative headache for
over 30 years. And the issue of wire-tapping into a telephone line
required more advanced processing power and encryption technology to
overcome. Luckily the authors weren't aware of security nightmares such
as viruses and script-kiddies on the horizon.