skip to main content
article
Free access

Protection and the control of information sharing in multics

Published: 01 July 1974 Publication History

Abstract

The design of mechanisms to control the sharing of information in the Multics system is described. Five design principles help provide insight into the tradeoffs among different possible designs. The key mechanisms described include access control lists, hierarchical control of access specifications, identification and authentication of users, and primary memory protection. The paper ends with a discussion of several known weaknesses in the current protection mechanism design.

References

[1]
Ackerman, W.B., and Plummer, W.W. An implementation of a multiprocessing computer system. ACM Symp. on Oper. Syst. Princ., Oct. 1967, Gatlinburg, Tenn.
[2]
Baran, P. Security, secrecy, and tamper-free considerations. In On Distributed Communications 9, Rand Corp. Techn. Rep. RM-3765-PR.
[3]
Beardsley, C.W. ls your computer insecure? IEEE Spectrum 9, 1 (Jan. 1972), 67-78.
[4]
Bensoussan, A., Clingen, C.T., and Daley, R.C. The Multics virtual memory: concepts and design. Comm. ACM 15, 4 (May 1972), 308-318.
[5]
Branstad, D.K. Privacy and protection in operating systems. Computer 6, (1973), 43-47.
[6]
The Compatible Time-Sharhtg System: A Programmer's Guide. M.I.T. Press, 1966.
[7]
Corbato, F.J., Saltzer, J.H., and Clingen, C.T. Multics: the first seven years. Proc. AFIPS 1972 SJCC, Vol. 40, AFIPS Press, Montvale, N.J., pp. 571-583.
[8]
Daley, R.C., and Neumann, P.G. A general-purpose file system for secondary storage. Proc. AFIPS 1965 FJCC, vol. 27, AFIPS Press, Montvale, N.J., pp. 213-229.
[9]
The Descriptor--A Definition of the B5000 blJbrmation Processhtg System. Burroughs Corporation, Bus. Mach. Gr., Sales Tech. Serv., Syst. Doc., Detroit, Mich., 1961.
[10]
Evans, D.C., and LeClerc, J.Y. Address mapping and the control of access in an interactive computer, Proc. A FIPS 1967 SJCC, Vol. 30, AFIPS Press, Montvale, N.J., pp. 23-30.
[11]
Fabry, R.S. The case for capability based computers presented at Fourth Symposium on Operating System Principles, Oct. 1973. Comm. ACM 17, 7 (July 1974), 403-412.
[12]
Glaser, E.L. A brief description of privacy measures in the Multics operating system, Proc. AFIPS 1967 SJCC, Vol. 30, AFIPS Press, Montvale, N.J., pp. 303-304.
[13]
Graham, R.M. Protection in an information processing utility. Comm. ACM 11, 4 (May 1968), 365-369.
[14]
Hoffman, L.J. The formulary model for access control and privacy in computer systems. Rep. 117, Stanford Linear Accelerator Center, Stanford, Calif., 1970.
[15]
Holland, S.A., and Purcell, C.J. The CDC Star-100 A large scale network oriented computer system. IEEE lnternat. Comput. Soc. Conf., Sept. 1971, pp. 55-56.
[16]
Hollingworth, Dennis. Enhancing computer system security. Rand Paper P-5064, Rand Corp., Aug. 1973.
[17]
Hsiao, D.K., A File System for a Problem Solving Facility, Ph.D. Diss., Dep. of Elec. Eng., U. of Pennsylvania, Philadelphia, Penn., 1968.
[18]
Lampson, B.W. An overview of the CAL time-sharing system Comput. Center, U. of California, Berkeley, Sept. 1969.
[19]
Lampson, B.W. Protection. Proc. 5th Princeton Conf. on Inform. Sci. and Syst., Mar. 1971, pp. 437-443.
[20]
Molho, L.M. Hardware aspects of secure computing, Proc. AFIPS 1970 SJCC, Vol. 36, AFIPS Press, Montvale, N.J., pp. 135-141.
[21]
Organick, E.I. TIw Multics System: An Examination of lts Structure. M.I.T. Press, 1972.
[22]
Needham, R.M. Protection systems and protection implementations, Proc. AFIPS 1972 FJCC, Vol. 41, AFIPS Press, Montvale, N.J., pp. 572-578.
[23]
OS/MVTwith Resource Security, General Information and Planning Manual, IBM Appl. Prog. Man., File no. GH20-1058-0, IBM Corp., Dec. 1971.
[24]
Peters, B. Security considerations in a multi-programmed computer system. Proc. AFPS 1967 SJCC, Vol. 30, AFIPS Press, Montvale, N.J., pp. 283-286.
[25]
Ritchie, D.M., and Thompson, K. The UNIX time-sharing system presented at Fourth Symposium on Operating System Principles, Oct. 1973. Comm. ACM 17, 7 (July 1974), 365-375.
[26]
Rotenberg, L. Making computers keep secrets. Ph.D. Th., M.I.T., Dept. of Elec. Eng., Sept. 1973. (Also available as M.I.T. Proj. MAC Tech. Rep. TR-116.)
[27]
Schroeder, M.D. Cooperation of mutually suspicious subsystems in a computer utility. Ph.D. Th., M.I.T. Dep. of Elec. Eng., Sept. 1972. (Also available as M.I.T. Proj. MAC Tech. Rep. TR-104.)
[28]
Schroeder, M.D., and Saltzer, J.H. A hardware architecture for implementing protection rings. Comm. ACM 15, 3 (Mar. 1972), 157-170.
[29]
Smith, J.L., Notz, W.A., and Osseck, P.R. An experimental application of cryptography to a remotely accessed data system. Proc. ACM 1972 Conf., pp. 282-297.
[30]
System 370 Principles of Operation, IBM Sys. Ref. Lib. File no. GA22-7000-3, IBM Corp., 1973.
[31]
Third party ID aided program theft. Computer World V, 14 (Apr. 7, 1971).
[32]
Ware, W., et al. Security controls for computer systems. Rand Corp. Tech. Rep. R-609, 1970. (Classified Confidential.)
[33]
Weissman, C. Security controls in the ADEPT-50 time-sharing system. Proc. AFIPS 1969 FJCC, Vol. 35, AFIPS Press, Montvale, N.J., pp. 119-133.
[34]
Wilkes, M.V. Time-Sharing Computer Systems. American Elsevier, New York, 1968.
[35]
Wulf, W.A., et al. HYDRA: The kernel of a multiprocessor operating system. Comput. Sci. Dep. Rep., Carnegie-Mellon U., June 1973.

Cited By

View all
  • (2024)Cloud-Based Access Control Including Time and LocationElectronics10.3390/electronics1314281213:14(2812)Online publication date: 17-Jul-2024
  • (2024)Gradient: Gradual Compartmentalization via Object Capabilities Tracked in TypesProceedings of the ACM on Programming Languages10.1145/36897518:OOPSLA2(1135-1161)Online publication date: 8-Oct-2024
  • (2024)HabitSense: A Privacy-Aware, AI-Enhanced Multimodal Wearable Platform for mHealth ApplicationsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785918:3(1-48)Online publication date: 9-Sep-2024
  • Show More Cited By

Recommendations

Comments

Information & Contributors

Information

Published In

cover image Communications of the ACM
Communications of the ACM  Volume 17, Issue 7
July 1974
63 pages
ISSN:0001-0782
EISSN:1557-7317
DOI:10.1145/361011
Issue’s Table of Contents
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 01 July 1974
Published in CACM Volume 17, Issue 7

Permissions

Request permissions for this article.

Check for updates

Author Tags

  1. Multics
  2. access control
  3. authentication
  4. computer utilities
  5. descriptors
  6. privacy
  7. proprietary programs
  8. protected subsystems
  9. protection
  10. security
  11. time-sharing systems
  12. virtual memory

Qualifiers

  • Article

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • Downloads (Last 12 months)622
  • Downloads (Last 6 weeks)94
Reflects downloads up to 28 Nov 2024

Other Metrics

Citations

Cited By

View all
  • (2024)Cloud-Based Access Control Including Time and LocationElectronics10.3390/electronics1314281213:14(2812)Online publication date: 17-Jul-2024
  • (2024)Gradient: Gradual Compartmentalization via Object Capabilities Tracked in TypesProceedings of the ACM on Programming Languages10.1145/36897518:OOPSLA2(1135-1161)Online publication date: 8-Oct-2024
  • (2024)HabitSense: A Privacy-Aware, AI-Enhanced Multimodal Wearable Platform for mHealth ApplicationsProceedings of the ACM on Interactive, Mobile, Wearable and Ubiquitous Technologies10.1145/36785918:3(1-48)Online publication date: 9-Sep-2024
  • (2024)GewährleistungszieleDas Standard-Datenschutzmodell (SDM)10.1007/978-3-658-44998-8_5(93-126)Online publication date: 14-Nov-2024
  • (2023)Analysing potential data security losses in organisations based on subsequent users loginsPLOS ONE10.1371/journal.pone.028685618:8(e0286856)Online publication date: 24-Aug-2023
  • (2023)Access Control for Database Applications: Beyond Policy EnforcementProceedings of the 19th Workshop on Hot Topics in Operating Systems10.1145/3593856.3595905(223-230)Online publication date: 22-Jun-2023
  • (2023)The Hardness of Learning Access Control PoliciesProceedings of the 28th ACM Symposium on Access Control Models and Technologies10.1145/3589608.3593840(133-144)Online publication date: 24-May-2023
  • (2023)Going beyond the Limits of SFI: Flexible and Secure Hardware-Assisted In-Process Isolation with HFIProceedings of the 28th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 310.1145/3582016.3582023(266-281)Online publication date: 25-Mar-2023
  • (2023)SLR: From Saltzer and Schroeder to 2021…47 Years of Research on the Development and Validation of Security API RecommendationsACM Transactions on Software Engineering and Methodology10.1145/356138332:3(1-31)Online publication date: 27-Apr-2023
  • (2023)Least-Privilege Calls to Amazon Web ServicesIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2022.317174020:3(2085-2096)Online publication date: 1-May-2023
  • Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Login options

Full Access

Media

Figures

Other

Tables

Share

Share

Share this Publication link

Share on social media