A protection measure based on a simple model of a protection system is presented. The measure shows how closely a computer system adheres to the principle of minimum privilege. Its application to the operating system of the Cambridge University CAP computer is described and ways of bringing the operating system closer to a state of minimum privilege are discussed. The results of this work have demonstrated that the measure provides a useful tool for the designers of operating systems and other software. A module in a computer system has a repertoire of services it can perform; the services provided by a module are made available to other modules as functions. An original feature of the work described in this paper is the attention paid to functions in the context of protection in computer systems. The protection model and the protection measure are defined in terms of the objects accessible to a process and it is important to note that functions are considered to be objects.