Protection and the control of information sharing in Multics

  • Jerome H. Saltzer
  • Published 1 July 1974
  • Computer Science
  • Commun. ACM
The design of mechanisms to control the sharing of information in the Multics system is described. Five design principles help provide insight into the tradeoffs among different possible designs. The key mechanisms described include access control lists, hierarchical control of access specifications, identification and authentication of users, and primary memory protection. The paper ends with a discussion of several known weaknesses in the current protection mechanism design. 

Access Control with Single-Key-Lock
Based on the concept of an access matrix, a new protection system that achieves access control is proposed such that each node in the hierarchy is assigned a key and a simple operation on any two keys reveals the relationship of the two nodes corresponding to the two keys.
A Group-based Authorization Model for Cooperative Systems
This work proposes a general authorization model that emphasizes conceptual simplicity and shows that several issues, in particular negative access rights and delegation of rights, can be solved elegantly in this model.
A Guide to Understanding Discretionary Access Control in Trusted Systems
This guide discusses issues involved in designing, implementing and evaluating DAC mechanisms and provides guidance to manufacturers on how to select and build effective DAC mechanisms.
The source of authority for commercial access control
The authors discuss the need for protection in commercial organizations, and the way in which control principles have met this need, despite having evolved before computer systems came into use. The
Separating Information Protection from Resource Management
This thesis presents an SP3-based digital rights-management solution that can protect both the copy-protected multimedia contents and a trusted multimedia player program without limiting the end-users' freedom.
Object-oriented Access Control in Jarrah
  • M. Evered
  • Computer Science
    J. Object Technol.
  • 2005
This paper describes and justifies the design of the access control aspect of the persistent object-oriented language Jarrah, a Java extension for programming secure distributed applications.
Capability-Based System for Distributed Environment
This paper describes a few resource management schemes for distributed environments, addressing fine-grained protection and the principle of least privilege, and compares them with each other in terms of the features they offer in the context of secure computing.
Authentication for Distributed Web Caches
This work considers the problem of offloading secure access-controlled content from central origin servers to distributed caches so clients can access a proximal cache rather than the origin servers, and describes the security mechanisms to effect such a system.
Operating System Design With Security As An Objective
A description of the security provided by a system design in which a capability-based access control mechanism interacts intimately with other system components is illustrated.


A brief description of privacy measures in the Multics operating system
The Multics operating system at MIT has been used in the maintenance of information privacy in a multi-user, remote-access system for many years.
Protection systems and protection implementations
  • R. Needham
  • Computer Science
    AFIPS '72 (Fall, part I)
  • 1972
The paper outlines a system which is being developed to the point of hardware implementation in the Computer Laboratory, Cambridge, and outlines the potentialities and limitations of a variety of approaches to protection systems.
The premise that the existence of ''spies'' within the supposedly secure system must be anticipated is evaluated, and the safeguards to be built into the network are described.
Enhancing Computer System Security
An attractive and cost-effective partial solution may reside in a different approach to the problem--implementation of an entrapment strategy--where the nature of the system/penetrator interaction is altered via introduction of counter-penetration elements into the system hardware and software.
The Formulary Model for Access Control and Privacy in Computer Systems
A model for engineering the user interface for large data base systems in order to maintain flexible access controls over sensitive data is presented, independent of both machine and data base structure, and is sufficiently modular to allow cost-effectiveness studies on access mechanisms.
Privacy and Protection in Operating Systems
A workshop on privacy and protection in operating systems in Princeton, New Jersey, from June 12-14, 1972 was sponsored by the IEEE Committee on Operating Systems.
An experimental application of cryptography to a remotely accessed data system
An experimental system has been developed which illustrates ways cryptography can be applied to certain data-security problems concerning remotely accessible data files, and how a more restricted kind of protection is afforded data stored in files.
Security Controls for Computer Systems
With the advent of resource-sharing computer systems that distribute the capabilities and components of the machine configuration among several users or several tasks, a new dimension has
"Making Computers Keep Secrets," Ph.D. Thesis, Department of Electrical Engineering, Massachusetts Institute of Technology, September 1973
Time-sharing computer systems