Theoretical Issues Concerning Protection in Operating Systems

Michael A. Harrison

EECS Department
University of California, Berkeley
Technical Report No. UCB/CSD-84-170
1984

http://www2.eecs.berkeley.edu/Pubs/TechRpts/1984/CSD-84-170.pdf

Modern computer systems contain important information and unauthorized access can result in significant problems. One need only think of certain examples like electronic funds transfer systems, internal revenue service applications, as well as command and control computers used in military applications to realize the significance and scope of the problem of guaranteeing secure computation. In the real world, there are many techniques used for penetrating systems which involve subverting people (or machines), tapping communication lines, and breaching physical security. There is no way in which such complex interactions can be modeled in their entirety even with the aid of computers. Instead, one must focus on the most important aspects of the systems and create specialized models in order to understand these parts of the system. Moreover, the modeler must decide how specific to be. For example, we could invent a simple model to abstract the function of a particular circuit in the control unit of a computer. A more grandiose scheme might be to model all computer systems at once by studying a uniform model of computation such as a RAM or a Turing machine. In this chapter, we are interested in protection and security from an operating systems point of view. That forces us to make a number of simplifying assumptions. The remarkable part of our treatment will be that even with severe assumptions, the security question remains "hard" in a technical sense. In our first model, somewhat akin to the example of modeling a circuit, we shall ignore the computer and operating system and concentrate on the access to an object by a subject. Our first goal is to arrive at a model which is rich enough to describe actual systems but is sufficiently restricted so that one can utilize simple and efficient techniques.


BibTeX citation:

@techreport{Harrison:CSD-84-170,
    Author = {Harrison, Michael A.},
    Title = {Theoretical Issues Concerning Protection in Operating Systems},
    Institution = {EECS Department, University of California, Berkeley},
    Year = {1984},
    URL = {http://www2.eecs.berkeley.edu/Pubs/TechRpts/1984/5977.html},
    Number = {UCB/CSD-84-170},
    Abstract = {Modern computer systems contain important information and unauthorized access can result in significant problems. One need only think of certain examples like electronic funds transfer systems, internal revenue service applications, as well as command and control computers used in military applications to realize the significance and scope of the problem of guaranteeing secure computation. In the real world, there are many techniques used for penetrating systems which involve subverting people (or machines), tapping communication lines, and breaching physical security. There is no way in which such complex interactions can be modeled in their entirety even with the aid of computers. Instead, one must focus on the most important aspects of the systems and create specialized models in order to understand these parts of the system. Moreover, the modeler must decide how specific to be. For example, we could invent a simple model to abstract the function of a particular circuit in the control unit of a computer. A more grandiose scheme might be to model all computer systems at once by studying a uniform model of computation such as a RAM or a Turing machine. In this chapter, we are interested in protection and security from an operating systems point of view. That forces us to make a number of simplifying assumptions. The remarkable part of our treatment will be that even with severe assumptions, the security question remains "hard" in a technical sense. In our first model, somewhat akin to the example of modeling a circuit, we shall ignore the computer and operating system and concentrate on the access to an object by a subject. Our first goal is to arrive at a model which is rich enough to describe actual systems but is sufficiently restricted so that one can utilize simple and efficient techniques.}
}

EndNote citation:

%0 Report
%A Harrison, Michael A.
%T Theoretical Issues Concerning Protection in Operating Systems
%I EECS Department, University of California, Berkeley
%D 1984
%@ UCB/CSD-84-170
%U http://www2.eecs.berkeley.edu/Pubs/TechRpts/1984/5977.html
%F Harrison:CSD-84-170