This tutorial paper explores the mechanics of protecting computer-stored information from unauthorized use or modification. It concentrates on those architectural structures--whether hardware or software--that are necessary to support information protection. The paper develops in three main sections. Section I describes desired functions, design principles, and examples of elementary protection and authentication mechanisms. Any reader familiar with computers should find the first section to be reasonably accessible. Section II requires some familiarity with descriptor-based computer architecture. It examines in depth the principles of modern protection architectures and the relation between capability systems and access control list systems, and ends with a brief analysis of protected subsystems and protected objects. The reader who is dismayed by either the prerequisites or the level of detail in the second section may wish to skip to Section III, which reviews the state of the art and current research projects and provides suggestions for further reading. Glossary The following glossary provides, for reference, brief definitions for several terms as used in this paper in the context of protecting information in computers. Access The ability to make use of information stored in a computer system. Used frequently as a verb, to the horror of grammarians. Access control list A list of principals that are authorized to have access to some object. Authenticate To verify the identity of a person (or other agent external to the protection system) making a request.

The following paper by Butler Lampson has been frequently referenced. Because the original is not widely available, we are reprinting it here. If the paper is referenced in published work,

As experience with use of on-line operating systems has grown, the need to share information among system users has become increasingly apparent. Many contemporary systems permit some degree of sharing. Usually, sharing is accomplished by allowing several users to share data via input and output of information stored in files kept in secondary storage. Through the use of segmentation, however, Multics provides direct hardware addressing by user and system programs of all information, independent of its physical storage location. Information is stored in segments each of which is potentially sharable and carries its own independent attributes of size and access privilege. Here, the design and implementation considerations of segmentation and sharing in Multics are first discussed under the assumption that all information resides in a large, segmented main memory. Since the size of main memory on contemporary systems is rather limited, it is then shown how the Multics software achieves the effect of a large segmented main memory through the use of the Honeywell 645 segmentation and paging hardware.

We contend that the complexity of modern computer systems is caused by a dependency on a plethora of mechanisms that by their lack of coherence increase the cost of developing applications. By integrating these mechanisms we can reduce the complexity of the system and thereby achieve savings throughout product life cycles. From our experience in operating systems, programming languages and databases we identify five major areas of system design for modern systems: controlling complexity, orthogonal persistence, controlled system evolution, protection of data and concurrent computation. We are currently engaged in building a system which will achieve the simplicity above and here we describe the design issues involved in the construction of a persistent information space architecture (PISA) capable of integrating all these activities. 1.

This paper has been reconstructed by OCR from the scanned

The common features of third generation operating systems are surveyed from a general view, with emphasis on the common abstractions that constitute at least the basis for a "theory " of operating systems. Properties of specific systems are not discussed except where examples are useful. The technical aspects of issues and concepts are stressed, the nontechnical aspects mentioned only briefly. A perfunctory knowledge of third generation systems is presumed. Key words and phrases: multiprogramming systems, operating systems, supervisory systems, time-sharing systems, programming, storage allocation, memory allocation, processes, concurrency, parallelism, resource allocation, protection CR categories: 1.3, 4.0, 4.30, 6.20 It has been the custom to divide the era of electronic computing into "generations" whose approximate dates are:

Introduction In traditional programming languages, database management systems, file systems and operating systems there are a number of, often conflicting, binding mechanisms for composing sub-systems, programs and data. In our experiments in designing, building and using a persistent information space architecture (PISA) [3] we have encountered these binding mechanisms and wish to report on them here. We wish to build a total system capable of providing for all programming activity. Our traditional view of the persistent information space is that it will subsume the functions of a plethora of mechanisms currently supported by components such as command languages, editors, file systems, compilers and interpreters, linkage editors and binders, debuggers, DBMS sublanguages and graphics libraries[1]. The information space is composed of objects, which may be simple or highly structured, defined by the universe of discourse of the type system 2 of the PISA archi

In designing and building persistent object systems we are attempting to regularise the activities on data that are traditional in programming languages, operating systems, database management systems and file systems. We hypothesise that regularity and simplicity may be achieved by regarding the exercise as one of designing a language powerful enough to allow for all our programming needs and using some principles in the design of the language to achieve this regularity and simplicity. In this paper we investigate the nature of binding mechanisms showing how some form of dynamic binding is necessary for persistence. The binding mechanisms of Ada, which has a traditional file based view of persistence, and of Napier, which has an object based view, are used as illustrations. 1. Introduction In traditional programming languages, database management systems, file systems and operating systems there are a number of, often conflicting, binding mechanisms for composing sub-systems, program...

This paper celebrated the successful birth of virtual memory. Object-Oriented Virtual Memory

This thesis addresses the problem of trying to locate the source of performance bottlenecks in large-scale parallel and distributed applications. Performance monitoring creates a dilemma: identifying a bottleneck necessitates collecting detailed information, yet collecting all this data can introduce serious data collection bottlenecks. At the same time, users are being inundated with volumes of complex graphs and tables that require a performance expert to interpret. I have developed a new approach that addresses both these problems by combining dynamic on-the-fly selection of what performance data to collect with decision support to assist users with the selection and presentation of performance data. The approach is called the W 3 Search Model. To make it possible to implement the W 3 Search Model, I have developed a new monitoring technique for parallel programs called Dynamic Instrumentation. The premise of my work is that not only is it possible to do on-line performance debu...