article

Free access

Protection and the control of information sharing in multics

Author:

Jerome H. SaltzerAuthors Info & Claims

Communications of the ACM, Volume 17, Issue 7

Pages 388 - 402

https://doi.org/10.1145/361011.361067

Published: 01 July 1974 Publication History

Abstract

The design of mechanisms to control the sharing of information in the Multics system is described. Five design principles help provide insight into the tradeoffs among different possible designs. The key mechanisms described include access control lists, hierarchical control of access specifications, identification and authentication of users, and primary memory protection. The paper ends with a discussion of several known weaknesses in the current protection mechanism design.

References

[1]

Ackerman, W.B., and Plummer, W.W. An implementation of a multiprocessing computer system. ACM Symp. on Oper. Syst. Princ., Oct. 1967, Gatlinburg, Tenn.

Digital Library

[2]

Baran, P. Security, secrecy, and tamper-free considerations. In On Distributed Communications 9, Rand Corp. Techn. Rep. RM-3765-PR.

[3]

Beardsley, C.W. ls your computer insecure? IEEE Spectrum 9, 1 (Jan. 1972), 67-78.

Digital Library

[4]

Bensoussan, A., Clingen, C.T., and Daley, R.C. The Multics virtual memory: concepts and design. Comm. ACM 15, 4 (May 1972), 308-318.

Digital Library

[5]

Branstad, D.K. Privacy and protection in operating systems. Computer 6, (1973), 43-47.

Digital Library

[6]

The Compatible Time-Sharhtg System: A Programmer's Guide. M.I.T. Press, 1966.

[7]

Corbato, F.J., Saltzer, J.H., and Clingen, C.T. Multics: the first seven years. Proc. AFIPS 1972 SJCC, Vol. 40, AFIPS Press, Montvale, N.J., pp. 571-583.

[8]

Daley, R.C., and Neumann, P.G. A general-purpose file system for secondary storage. Proc. AFIPS 1965 FJCC, vol. 27, AFIPS Press, Montvale, N.J., pp. 213-229.

[9]

The Descriptor--A Definition of the B5000 blJbrmation Processhtg System. Burroughs Corporation, Bus. Mach. Gr., Sales Tech. Serv., Syst. Doc., Detroit, Mich., 1961.

[10]

Evans, D.C., and LeClerc, J.Y. Address mapping and the control of access in an interactive computer, Proc. A FIPS 1967 SJCC, Vol. 30, AFIPS Press, Montvale, N.J., pp. 23-30.

[11]

Fabry, R.S. The case for capability based computers presented at Fourth Symposium on Operating System Principles, Oct. 1973. Comm. ACM 17, 7 (July 1974), 403-412.

Digital Library

[12]

Glaser, E.L. A brief description of privacy measures in the Multics operating system, Proc. AFIPS 1967 SJCC, Vol. 30, AFIPS Press, Montvale, N.J., pp. 303-304.

[13]

Graham, R.M. Protection in an information processing utility. Comm. ACM 11, 4 (May 1968), 365-369.

Digital Library

[14]

Hoffman, L.J. The formulary model for access control and privacy in computer systems. Rep. 117, Stanford Linear Accelerator Center, Stanford, Calif., 1970.

[15]

Holland, S.A., and Purcell, C.J. The CDC Star-100 A large scale network oriented computer system. IEEE lnternat. Comput. Soc. Conf., Sept. 1971, pp. 55-56.

[16]

Hollingworth, Dennis. Enhancing computer system security. Rand Paper P-5064, Rand Corp., Aug. 1973.

[17]

Hsiao, D.K., A File System for a Problem Solving Facility, Ph.D. Diss., Dep. of Elec. Eng., U. of Pennsylvania, Philadelphia, Penn., 1968.

[18]

Lampson, B.W. An overview of the CAL time-sharing system Comput. Center, U. of California, Berkeley, Sept. 1969.

[19]

Lampson, B.W. Protection. Proc. 5th Princeton Conf. on Inform. Sci. and Syst., Mar. 1971, pp. 437-443.

[20]

Molho, L.M. Hardware aspects of secure computing, Proc. AFIPS 1970 SJCC, Vol. 36, AFIPS Press, Montvale, N.J., pp. 135-141.

[21]

Organick, E.I. TIw Multics System: An Examination of lts Structure. M.I.T. Press, 1972.

Digital Library

[22]

Needham, R.M. Protection systems and protection implementations, Proc. AFIPS 1972 FJCC, Vol. 41, AFIPS Press, Montvale, N.J., pp. 572-578.

[23]

OS/MVTwith Resource Security, General Information and Planning Manual, IBM Appl. Prog. Man., File no. GH20-1058-0, IBM Corp., Dec. 1971.

[24]

Peters, B. Security considerations in a multi-programmed computer system. Proc. AFPS 1967 SJCC, Vol. 30, AFIPS Press, Montvale, N.J., pp. 283-286.

[25]

Ritchie, D.M., and Thompson, K. The UNIX time-sharing system presented at Fourth Symposium on Operating System Principles, Oct. 1973. Comm. ACM 17, 7 (July 1974), 365-375.

Digital Library

[26]

Rotenberg, L. Making computers keep secrets. Ph.D. Th., M.I.T., Dept. of Elec. Eng., Sept. 1973. (Also available as M.I.T. Proj. MAC Tech. Rep. TR-116.)

[27]

Schroeder, M.D. Cooperation of mutually suspicious subsystems in a computer utility. Ph.D. Th., M.I.T. Dep. of Elec. Eng., Sept. 1972. (Also available as M.I.T. Proj. MAC Tech. Rep. TR-104.)

Digital Library

[28]

Schroeder, M.D., and Saltzer, J.H. A hardware architecture for implementing protection rings. Comm. ACM 15, 3 (Mar. 1972), 157-170.

Digital Library

[29]

Smith, J.L., Notz, W.A., and Osseck, P.R. An experimental application of cryptography to a remotely accessed data system. Proc. ACM 1972 Conf., pp. 282-297.

Digital Library

[30]

System 370 Principles of Operation, IBM Sys. Ref. Lib. File no. GA22-7000-3, IBM Corp., 1973.

[31]

Third party ID aided program theft. Computer World V, 14 (Apr. 7, 1971).

[32]

Ware, W., et al. Security controls for computer systems. Rand Corp. Tech. Rep. R-609, 1970. (Classified Confidential.)

[33]

Weissman, C. Security controls in the ADEPT-50 time-sharing system. Proc. AFIPS 1969 FJCC, Vol. 35, AFIPS Press, Montvale, N.J., pp. 119-133.

[34]

Wilkes, M.V. Time-Sharing Computer Systems. American Elsevier, New York, 1968.

Digital Library

[35]

Wulf, W.A., et al. HYDRA: The kernel of a multiprocessor operating system. Comput. Sci. Dep. Rep., Carnegie-Mellon U., June 1973.

Cited By

Al Lail MMoncivais MBenton RPerez A(2024)Cloud-Based Access Control Including Time and LocationElectronics10.3390/electronics1314281213:14(2812)Online publication date: 17-Jul-2024
https://doi.org/10.3390/electronics13142812
Boruch-Gruszecki AGhosn APayer MPit-Claudel C(2024)Gradient: Gradual Compartmentalization via Object Capabilities Tracked in TypesProceedings of the ACM on Programming Languages10.1145/36897518:OOPSLA2(1135-1161)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689751
Fernandes GZheng JPedram MRomano CShahabi FRothrock BCohen TZhu HButani THester JKatsaggelos AAlshurafa N(2024)HabitSense: A Privacy-Aware, AI-Enhanced Multimodal Wearable Platform for mHealth ApplicationsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785918:3(1-48)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678591
Show More Cited By

Index Terms

Protection and the control of information sharing in multics

Recommendations

A hardware architecture for implementing protection rings

Protection of computations and information is an important aspect of a computer utility. In a system which uses segmentation as a memory addressing scheme, protection can be achieved in part by associating concentric rings of decreasing access privilege ...
An authenticated access control framework for digital right management system
Abstract
With the growing development in digital content distribution, researchers focus on the construction of an access right enabled digital content distribution framework for the legal user. Digital rights management (DRM) is the system which tries to ...
Impossibility results for RFID privacy notions
Transactions on computational science XI

RFID systems have become increasingly popular and are already used in many real-life applications. Although very useful, RFIDs introduce privacy risks since they carry identifying information that can be traced. Hence, several RFID privacy models have ...

Comments

Information & Contributors

Information

Published In

cover image Communications of the ACM

Communications of the ACM Volume 17, Issue 7

July 1974

63 pages

ISSN:0001-0782

EISSN:1557-7317

DOI:10.1145/361011

Editor:
Robert L. Ashenhurst
Univ. of Chicago, Chicago, IL

Issue’s Table of Contents

Copyright © 1974 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 1974

Published in CACM Volume 17, Issue 7

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

309
Total Citations
View Citations
8,219
Total Downloads

Downloads (Last 12 months)622
Downloads (Last 6 weeks)94

Reflects downloads up to 28 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

Al Lail MMoncivais MBenton RPerez A(2024)Cloud-Based Access Control Including Time and LocationElectronics10.3390/electronics1314281213:14(2812)Online publication date: 17-Jul-2024
https://doi.org/10.3390/electronics13142812
Boruch-Gruszecki AGhosn APayer MPit-Claudel C(2024)Gradient: Gradual Compartmentalization via Object Capabilities Tracked in TypesProceedings of the ACM on Programming Languages10.1145/36897518:OOPSLA2(1135-1161)Online publication date: 8-Oct-2024
https://dl.acm.org/doi/10.1145/3689751
Fernandes GZheng JPedram MRomano CShahabi FRothrock BCohen TZhu HButani THester JKatsaggelos AAlshurafa N(2024)HabitSense: A Privacy-Aware, AI-Enhanced Multimodal Wearable Platform for mHealth ApplicationsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785918:3(1-48)Online publication date: 9-Sep-2024
https://dl.acm.org/doi/10.1145/3678591
Rost MRost M(2024)GewährleistungszieleDas Standard-Datenschutzmodell (SDM)10.1007/978-3-658-44998-8_5(93-126)Online publication date: 14-Nov-2024
https://doi.org/10.1007/978-3-658-44998-8_5
Aziz B(2023)Analysing potential data security losses in organisations based on subsequent users loginsPLOS ONE10.1371/journal.pone.028685618:8(e0286856)Online publication date: 24-Aug-2023
https://doi.org/10.1371/journal.pone.0286856
Zhang WPanda AShenker SBaumann ACrooks NSchwarzkopf M(2023)Access Control for Database Applications: Beyond Policy EnforcementProceedings of the 19th Workshop on Hot Topics in Operating Systems10.1145/3593856.3595905(223-230)Online publication date: 22-Jun-2023
https://dl.acm.org/doi/10.1145/3593856.3595905
Lei XTripunitara MRanise SCarbone RTakabi D(2023)The Hardness of Learning Access Control PoliciesProceedings of the 28th ACM Symposium on Access Control Models and Technologies10.1145/3589608.3593840(133-144)Online publication date: 24-May-2023
https://dl.acm.org/doi/10.1145/3589608.3593840
Narayan SGarfinkel TTaram MRudek JMoghimi DJohnson EFallin CVahldiek-Oberwagner ALeMay MSahita RTullsen DStefan DAamodt TJerger NSwift M(2023)Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFIProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3582016.3582023(266-281)Online publication date: 25-Mar-2023
https://dl.acm.org/doi/10.1145/3582016.3582023
Patnaik NDwyer AHallett JRashid A(2023)SLR: From Saltzer and Schroeder to 2021…47 Years of Research on the Development and Validation of Security API RecommendationsACM Transactions on Software Engineering and Methodology10.1145/356138332:3(1-31)Online publication date: 27-Apr-2023
https://dl.acm.org/doi/10.1145/3561383
Gill PDietl WTripunitara M(2023)Least-Privilege Calls to Amazon Web ServicesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.317174020:3(2085-2096)Online publication date: 1-May-2023
https://dl.acm.org/doi/10.1109/TDSC.2022.3171740
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Article

Media

Figures

Other

Tables

View Issue’s Table of Contents