The Protection of Information in Computer Systems.ppt

  • About 5,380 characters
  • About 25 pages
  • Published 2017-03-09 in Shanghai


The Protection of Information in Computer Systems
Part I. Basic Principles of Information Protection
Jerome Saltzer, Michael Schroeder
Presented by Bert Bruce

Overview
  • Focus of the paper is on multiple-user computer systems
  • User authority: who can do something to something; who can see something
  • "Privacy" is the social concern; the concern here is controlling access to data (security)

Security Violations
  • Unauthorized release of information
  • Unauthorized modification of information
  • Unauthorized denial of use of information

Definitions
  • Protection: control access to information
  • Authentication: verify the identity of a user

Categories of Protection Schemes
  • Unprotected: typical batch system; physical isolation (computer room)
  • All or Nothing: user totally isolated in the system; no sharing of resources; typical of early time-sharing (TS) systems (Dartmouth BASIC)
  • Controlled Sharing: the OS puts limits on access; TOPS-10 file system w/ WRX control
  • User-programmed Sharing Controls: like OO files w/ access methods; the user controls access as he likes; claims UNIX has this?
  • Putting Strings on Information: trace or control information after it is released; a file retains its access status even when others have it
  • The overriding question for all these schemes is how controls can change over time: how is privilege changed? Can access privilege be modified or revoked on the fly?

Design Principles
  • Since we can't build software without flaws, we need ways to reduce the number and severity of security flaws
  • What follows are 10 design principles to apply when designing and creating protection mechanisms
  • They were true in 1975 and remain relevant today

Design Principles: 1. Economy of Mechanism
  • KISS principle
  • Easier to implement
  • Allows total inspection of the security mechanism

Design Principles: 2. Fail-safe Defaults
  • The default case should be to exclude access
  • Explicitly give the right to access
  • The reverse (finding reasons to exclude) is risky: you may not think of all the reasons to exclude

Design Principles 2. Fail-safe Defa
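The fail-safe-defaults rule, as an added Python illustration that is not part of the slides or the Saltzer-Schroeder paper: access succeeds only on an explicit TOPS-10-style R/W/X grant, anything unlisted is denied, and a grant can be revoked on the fly; the contrasting exclusion-list check shows the "reverse" design the slide warns about. The grant table, principal names and file names are constructed for the example.

```python
"""Fail-safe default access check (added illustration, not from the slides).

Permissions are explicit grants of R/W/X bits per (principal, object).
Anything not explicitly granted is denied, and revoking a grant takes
effect on the very next check.
"""
from typing import Dict, Set, Tuple

READ, WRITE, EXEC = "R", "W", "X"
Grants = Dict[Tuple[str, str], Set[str]]   # (principal, object) -> bits held


def grant(grants: Grants, who: str, obj: str, bits: str) -> None:
    """Explicitly add access; this is the only way a check can succeed."""
    grants.setdefault((who, obj), set()).update(bits)


def revoke(grants: Grants, who: str, obj: str, bits: str = "RWX") -> None:
    """Remove bits; an entry with no bits left is dropped so the default applies."""
    held = grants.get((who, obj))
    if held is None:
        return
    held.difference_update(bits)
    if not held:
        del grants[(who, obj)]


def allowed(grants: Grants, who: str, obj: str, op: str) -> bool:
    """Fail-safe: a missing entry, an unknown op or an unknown principal -> False."""
    if op not in (READ, WRITE, EXEC):
        return False
    return op in grants.get((who, obj), set())


def allowed_by_exclusion(blocked: Dict[str, Set[str]], who: str, obj: str) -> bool:
    """The reverse design: allow unless a reason to exclude was written down.
    A principal nobody thought to list is allowed through."""
    return obj not in blocked.get(who, set())


if __name__ == "__main__":
    g: Grants = {}                                   # constructed sample table
    grant(g, "alice", "payroll.dat", "RW")
    print(allowed(g, "alice", "payroll.dat", READ))    # True
    print(allowed(g, "bob", "payroll.dat", READ))      # False: never granted
    revoke(g, "alice", "payroll.dat", WRITE)
    print(allowed(g, "alice", "payroll.dat", WRITE))   # False after revocation
    blocked = {"bob": {"payroll.dat"}}               # exclusion list, constructed
    print(allowed_by_exclusion(blocked, "mallory", "payroll.dat"))  # True: forgotten
```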
