by A. K. Jones & W. A. Wulf @ CMU
Software: Practice and Experience (1975)
Security policy: a finite set of rules that grant or prohibit access to objects of a given type
The factors affecting policy design
Dimensions of security policy
Tools to implement policies
Required general properties
The protection mechanism assumes a capability database that it queries before granting a process access to an object
Capability database: the set of all capabilities at all execution sites
The capabilities held by a process define its execution environment
Extended capability: the classical capability (defined above) plus capability-based addressing
In the extended capability model:
HYDRA is the OS for C.mmp, a machine with up to 16 PDP-11 processors connected to one shared memory
The main facility an OS for a multiprocessor must provide is protection
HYDRA's skeletal backbone is an implementation of protection in terms of extended capabilities
Object has:
Type object: the representative object for all objects of that type. Every object, including each type object and TYPE itself, is an instance of some type:

| Name | Type |
|---|---|
| D1 | Disk |
| D2 | Disk |
| S1 | Semaphore |
| S2 | Semaphore |
| P1 | Procedure |
| Disk | TYPE |
| Semaphore | TYPE |
| Procedure | TYPE |
| TYPE | TYPE |
Types: built-in types or user-defined types
Type creation: through the CREATE access right on the TYPE object
Execution environment
In the context of extended capabilities, the protection mechanism should be defined in terms of:
Access control enforcement
Capability transfer (manipulation) operations
Environment (= LNS, local name space) boundary-crossing operations
Template creation and the specification of a template's amplify-rights field must be controlled!
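The following is an added Python model of the mechanism the preceding slides list: a capability database, a per-process LNS, type objects created through CREATE on TYPE, attenuating capability transfer, and procedure call as an LNS boundary crossing in which each parameter is checked and amplified according to a template. It is example code written for these notes, not code from the Jones & Wulf paper or from HYDRA. The right names (CREATE, CALL, REP, P, V), the AMPLIFY right that gates the creation of amplifying templates, and the use of Python callables in place of procedure objects' code are assumptions of the example.

```python
from dataclasses import dataclass, field

class ProtectionError(Exception): pass

@dataclass(eq=False)
class Obj:
    name: str
    otype: "Obj | None"                      # its type object (None only while TYPE bootstraps)
    rep: dict = field(default_factory=dict)  # representation, reachable only with the REP right

@dataclass(frozen=True)
class Cap:                                   # classical capability: object reference + rights
    obj: Obj
    rights: frozenset

@dataclass(frozen=True)
class Template:                              # parameter template held by a procedure object
    otype: Obj                               # required type of the actual parameter
    check: frozenset                         # rights the caller's capability must carry
    amplify: frozenset                       # rights added to the callee's copy (amplification)

class Kernel:
    def __init__(self):
        self.db = []                                     # capability database
        self.TYPE = Obj("TYPE", None)
        self.TYPE.otype = self.TYPE                      # TYPE is of type TYPE
        self.root = self._issue(self.TYPE, {"CREATE"})   # initial capability for TYPE
        self.PROC = self.create_type(self.root, "Procedure")

    def _issue(self, obj, rights):
        self.db.append(Cap(obj, frozenset(rights)))
        return self.db[-1]

    def check(self, cap, right):
        if right not in cap.rights:
            raise ProtectionError(f"{right} on {cap.obj.name} denied")

    def create_type(self, type_cap, name):    # type creation needs CREATE on the TYPE object
        if type_cap.obj is not self.TYPE:
            raise ProtectionError("not a capability for TYPE")
        self.check(type_cap, "CREATE")        # creator gets AMPLIFY on the new type (assumed right)
        return self._issue(Obj(name, self.TYPE), {"CREATE", "AMPLIFY"})

    def create_object(self, type_cap, name, rep, rights):
        self.check(type_cap, "CREATE")
        if "REP" in rights:
            raise ProtectionError("REP is obtainable only through amplification")
        return self._issue(Obj(name, type_cap.obj, dict(rep)), rights)

    def restrict(self, cap, rights):          # capability transfer: the copy can only lose rights
        return Cap(cap.obj, cap.rights & frozenset(rights))

    def create_template(self, type_cap, check, amplify):
        if amplify:                           # the controlled amplify-rights field
            self.check(type_cap, "AMPLIFY")
        return Template(type_cap.obj, frozenset(check), frozenset(amplify))

    def create_procedure(self, name, templates, body):
        rep = {"templates": tuple(templates), "body": body}
        return self.create_object(self.PROC, name, rep, {"CALL"})

    def read_rep(self, cap):
        self.check(cap, "REP")
        return cap.obj.rep

    def call(self, proc_cap, *args):          # LNS boundary crossing
        self.check(proc_cap, "CALL")
        callee_lns = []                       # callee's LNS: checked, amplified copies of the arguments
        for tmpl, cap in zip(proc_cap.obj.rep["templates"], args):   # the kernel may look inside
            if cap.obj.otype is not tmpl.otype:
                raise ProtectionError(f"{cap.obj.name}: wrong type for template")
            if not tmpl.check <= cap.rights:
                raise ProtectionError(f"{cap.obj.name}: lacks {sorted(tmpl.check - cap.rights)}")
            callee_lns.append(self._issue(cap.obj, cap.rights | tmpl.amplify))
        return proc_cap.obj.rep["body"](self, callee_lns)   # caller's capabilities stay as they were

def semaphore_p(kernel, lns):                 # body of P: the only code that sees the representation
    rep = kernel.read_rep(lns[0])             # succeeds only because P's template amplified REP
    rep["count"] -= 1
    return rep["count"]

def attempt(fn):                              # run an operation, reporting refusal instead of raising
    try:
        return fn()
    except ProtectionError:
        return "denied"

def demo():
    k = Kernel()
    sem = k.create_type(k.root, "Semaphore")  # process A creates a user-defined type
    p = k.create_procedure("P", [k.create_template(sem, {"P"}, {"REP"})], semaphore_p)
    s1 = k.create_object(sem, "S1", {"count": 1}, {"P", "V", "DELETE"})
    return {
        "direct_rep": attempt(lambda: k.read_rep(s1)),        # A cannot read the representation
        "p_result": attempt(lambda: k.call(p, s1)),           # but may call P, which runs with REP
        "s1_rights": sorted(s1.rights),                       # A's own capability was not amplified
        "b_call": attempt(lambda: k.call(p, k.restrict(s1, {"V"}))),   # a V-only copy fails P's check
        "b_template": attempt(lambda: k.create_template(k.restrict(sem, {"CREATE"}), {"V"}, {"REP"})),
    }
```

The last entry is the point of the slide above: a process holding CREATE on the Semaphore type can make semaphores, but without AMPLIFY on that type it cannot forge a template whose amplify field would hand out REP, so representation access stays confined to the type's own procedures.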
Policy-1
Implementation-1
Pros
Cons