An official website of the United States government, Department of Justice.

Protection of Information in Computer Systems

NCJ Number
55298
Journal
Proceedings of the IEEE, Volume 63, Issue 9 (September 1975), Pages 1278-1308
Author(s)
J. H. Saltzer; M. D. Schroeder
Date Published
1975
Length
31 pages
Annotation
The mechanics of protecting computer-stored information from unauthorized use or modification are discussed, and a state-of-the-art review of computer data security is offered.
Abstract
Mechanisms that control access to information by executing programs are the primary focus of discussion. At the present level of knowledge, no complete method is known for building a system free of protection flaws. The alternative is to rely on eight design principles that tend to reduce both the number and the seriousness of any flaws:

(1) Economy of mechanism: keep the design as simple and small as possible.
(2) Fail-safe defaults: base access decisions on permission rather than exclusion, so that the default is no access and an omission in the mechanism fails by refusing access.
(3) Complete mediation: every access to every object must be checked for authority.
(4) Open design: the mechanism must not depend on the secrecy of its design; protection rests on the possession of specific keys or passwords.
(5) Separation of privilege: a mechanism that requires two keys to unlock it, held by separate persons, is more robust than one that admits the holder of a single key.
(6) Least privilege: every program and every user of the system must operate using the least set of privileges necessary to complete the job.
(7) Least common mechanism: minimize the amount of mechanism common to more than one user and depended on by all users.
(8) Psychological acceptability: the human interface must be designed for ease of use, so that users routinely and automatically apply the protection mechanisms correctly.

The technical basis of information protection in modern computer systems is discussed and illustrated by diagrams. The second major section of the presentation is devoted to descriptor-based protection systems, with discussions of the following topics: separation of addressing and protection, the capability system, the access control list system, protecting objects other than segments, and protected objects and domains. A state-of-the-art section reviews implementations of protection mechanisms and current research directions. Tables, diagrams, references and a glossary are provided. (RCB)
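The abstract names the principles and the two descriptor-based representations without showing how they look in code. The following toy reference monitor is an added example written for this record; it is not code from the paper, from its authors, or from NCJRS. It stores one constructed access matrix both as access control lists (per object) and as capability lists (per subject), and routes every access through a single check that denies by default (fail-safe defaults, complete mediation), requires two distinct approvers for a sensitive operation (separation of privilege), and derives a reduced domain from a subject's capabilities (least privilege). All subjects, objects, rights and the store contents are made-up sample data.

```python
"""
Toy reference monitor illustrating four of the eight Saltzer-Schroeder
principles and the ACL vs capability views of one access matrix.
Added example, not code from the paper; all data below is constructed.
"""
from collections import defaultdict

# Constructed access matrix: (subject, object) -> rights held.
ACCESS_MATRIX = {
    ("alice", "payroll.db"): {"read", "write"},
    ("bob", "payroll.db"): {"read"},
    ("alice", "audit.log"): {"append"},
    ("auditor", "audit.log"): {"read"},
    ("cfo", "payroll.db"): {"approve"},
    ("controller", "payroll.db"): {"approve"},
}


def to_acl(matrix):
    """Access control list view: the matrix stored by column (per object)."""
    acl = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        acl[obj][subject] = set(rights)
    return dict(acl)


def to_capabilities(matrix):
    """Capability view: the matrix stored by row (per subject)."""
    caps = defaultdict(dict)
    for (subject, obj), rights in matrix.items():
        caps[subject][obj] = set(rights)
    return dict(caps)


def matrix_from_acl(acl):
    """Rebuild the matrix from its ACL view; both views carry the same facts."""
    return {(s, o): set(r) for o, subs in acl.items() for s, r in subs.items()}


class ReferenceMonitor:
    """Single choke point through which every access to every object passes."""

    def __init__(self, acl):
        self._acl = acl
        self.audit = []  # every decision, granted or denied, is recorded

    def is_authorized(self, subject, obj, right):
        # Fail-safe default: an unknown object, an unlisted subject or a
        # missing right all fall through to False; nothing is allowed by
        # omission.
        rights = self._acl.get(obj, {}).get(subject, set())
        decision = right in rights
        self.audit.append((subject, obj, right, decision))
        return decision

    def mediated_read(self, subject, obj, store):
        # Complete mediation: callers never index `store` directly; this
        # method is the only path to it and it always checks first.
        if not self.is_authorized(subject, obj, "read"):
            raise PermissionError(f"{subject} may not read {obj}")
        return store[obj]

    def two_person_rule(self, obj, approvers):
        # Separation of privilege: the operation needs two distinct subjects
        # who each independently hold "approve" on the object. The same
        # person presenting twice is rejected.
        valid = {s for s in set(approvers) if self.is_authorized(s, obj, "approve")}
        return len(valid) >= 2


def attenuate(capabilities, subject, needed):
    """Least privilege: derive a domain holding only the rights a task needs.

    `needed` maps object -> rights the task wants. Rights the subject does not
    hold are dropped, so the derived domain can never exceed the subject's
    own capabilities.
    """
    own = capabilities.get(subject, {})
    domain = {}
    for obj, wanted in needed.items():
        granted = own.get(obj, set()) & set(wanted)
        if granted:
            domain[obj] = granted
    return domain


if __name__ == "__main__":
    monitor = ReferenceMonitor(to_acl(ACCESS_MATRIX))
    store = {"payroll.db": "<rows>", "audit.log": "<lines>"}  # constructed
    print(monitor.mediated_read("bob", "payroll.db", store))
    print(monitor.two_person_rule("payroll.db", ["cfo", "controller"]))
    print(attenuate(to_capabilities(ACCESS_MATRIX), "alice", {"payroll.db": {"read"}}))
```

The point of `matrix_from_acl` is that the ACL and capability systems the abstract lists are two storage layouts of the same access matrix; what differs in a real system is who can consult and modify each entry, not the facts recorded. Note also that `is_authorized` never raises on unknown input: an error path that grants access is the failure mode fail-safe defaults is meant to exclude.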