The protection of information in computer systems

Jerome H. Saltzer and Michael D. Schroeder. Proceedings of the IEEE.
This tutorial paper explores the mechanics of protecting computer-stored information from unauthorized use or modification. It concentrates on those architectural structures, whether hardware or software, that are necessary to support information protection. The paper develops in three main sections. Section I describes desired functions, design principles, and examples of elementary protection and authentication mechanisms. Any reader familiar with computers should find the first section to be…
Operating system security a tutorial of current research
This tutorial is extracted from the recently completed monograph, Computer Security: Its Problems and Solutions [3], and is intended as a technical review of research in the areas of operating system
Report of the Invitational Workshop on Integrity Policy in Computer Information Systems (WIPCIS)
The workshop established a foundation for further progress in defining a model for information integrity and proposed a proposal by the National Bureau of Standards for continuing the effort to define an integrity policy.
An Overview of Computer Security
Presented is an overview of computer security, including concepts, techniques, and measures relating to the protection of computing systems and the information they maintain against deliberate or
Information storage in a decentralized computer system
A complete model of the architecture for shared information storage in a decentralized computer system is presented, which describes the interface to the facilities provided, and describes in detail the proposed mechanisms for implementing them.
Integrity in Automated Information Systems
It is concluded that although some gaps in understanding still exist, it is possible to begin to standardize integrity properties of systems.
Principles of Computer System Design: An Introduction
This text identifies, examines, and illustrates fundamental concepts in computer system design that are common across operating systems, networks, database systems, distributed systems, programming
Adaptive Management of Protection Processes of the Information from the Non-Authorized Access in Computing Systems
The main idea of this article is recombined protection systems in computing systems. The given data testify that the danger of the non-authorized actions above the information is not simply real, but
Unrestricted Secure Computing
This paper proposes a model in which both the software agents and the usage restrictions take place at the network level rather than at the level of the end-user computer, thereby freeing the end-user computer from the clutches of IT and releasing it into the wild to be used to its fullest by the end user.
Protection in a distributed document processing system
The ability to audit the processing of a document was found to affect the choice of access control mechanism, and access control lists were found to be more suitable than capability-based schemes.
Separating Information Protection from Resource Management
This thesis presents an SP3-based digital rights-management solution that can protect both the copy-protected multimedia contents and a trusted multimedia player program without limiting the end-users' freedom.


Security Controls for Computer Systems
With the advent of resource-sharing computer systems that distribute the capabilities and components of the machine configuration among several users or several tasks, a new dimension has
Dynamic protection structures
This paper deals with one aspect of the subject, which might be called the meta-theory of protection systems: how can the information which specifies protection and authorizes access, itself be protected and manipulated.
Ongoing research and development on information protection
The report begins with a brief summary of the different kinds of activities being pursued, with references to the later, more explicit project descriptions.
Information Security in a Multi-User Computer Environment
Protection systems and protection implementations
  • R. Needham
  • Computer Science
    AFIPS '72 (Fall, part I)
  • 1972
The paper outlines a system which is being developed to the point of hardware implementation in the Computer Laboratory, Cambridge, and outlines the potentialities and limitations of a variety of approaches to protection systems.
A new design is proposed, which provides both type extension and revocation through the definition of generalized sealing of capabilities, and it is demonstrated that it would be workable and acceptable economically.
Computer and data security: a comprehensive annotated bibliography.
The report is an attempt to produce a bibliography covering all aspects of computer and data security, and having annotations that more than superficially describe each article's content.
Synthesis of a software security system
This paper describes an ongoing Air Force sponsored project at The MITRE Corporation to develop provably effective security (access) controls for computer systems and touches briefly on the components of the software engineering technique and the methodology for proving the correctness of the system.
A user authentication scheme not requiring secrecy in the computer
A password scheme is presented which does not require secrecy in the computer and is based on using a function H which the would-be intruder is unable to invert.
On attaining reliable software for a secure operating system
This paper presents a general methodology for the design, implementation, and proof of large software systems, each described as a hierarchy of abstract machines, and illustrates the methodology by examining three of the system levels, including specifications, for a simplified version of these levels.