To install click the Add extension button. That's it.

The source code for the WIKI 2 extension is being checked by specialists of the Mozilla Foundation, Google, and Apple. You could also do it yourself at any point in time.

How to transfigure the Wikipedia

Would you like Wikipedia to always look as professional and up-to-date? We have created a browser extension. It will enhance any encyclopedic page you visit with the magic of the WIKI 2 technology.

Try it — you can delete it anytime.

Install in 5 seconds
4,5
Kelly Slayton
Congratulations on this excellent venture… what a great idea!
Alexander Grigorievskiy
I use WIKI 2 every day and almost forgot how the original Wikipedia looks like.
Live Statistics
English Articles
Improved in 24 Hours
Added in 24 Hours
Languages
Recent
Show all languages
What we do. Every page goes through several hundred of perfecting techniques; in live mode. Quite the same Wikipedia. Just better.
Great Wikipedia has got greater.
.
Leo
Newton
Brights
Milds

Separation of protection and security

From Wikipedia, the free encyclopedia

In computer sciences, the separation of protection and security is a design choice. Wulf et al. identified protection as a mechanism and security as a policy,[1] therefore making the protection-security distinction a particular case of the separation of mechanism and policy principle. Many frameworks consider both as security controls of varying types. For example, protection mechanisms would be considered technical controls, while a policy would be considered an administrative control.

YouTube Encyclopedic

  • 1/3
    Views:
    99 137
    356
    1 385
  • Network Separation - CompTIA Security+ SY0-401: 1.2
  • Access Control Family: AC-5, Separation of Duties
  • Separating fraudsters from legitimate users with Shape Security and Fastly CDN

Transcription

Overview

The adoption of this distinction in a computer architecture usually means that protection is provided as a fault tolerance mechanism by hardware/firmware and kernel, whereas the operating system and applications implement their security policies. In this design, security policies rely therefore on the protection mechanisms and on additional cryptography techniques.

The major hardware approach[2] for security or protection is the use of hierarchical protection domains. A prominent example of this approach is the ring architecture with "supervisor mode" and "user mode".[3] Such an approach adopts a policy already at the lower levels (hardware/firmware/kernel), restricting the rest of the system to rely on it. Therefore, the choice to distinguish between protection and security in the overall architecture design implies rejection of the hierarchical approach in favour of another one, the capability-based addressing.[1][4]

Examples of models with protection and security separation include access matrix, UCLA Data Secure Unix, take-grant and filter. Such separation is not found in models like high-water mark, Bell–LaPadula (original and revisited), information flow, strong dependency and constraints.[5]

See also

Notes

  1. ^ a b Wulf 74 pp.337-345
  2. ^ Swift 2005 p.26
  3. ^ Intel Corporation 2002
  4. ^ Houdek et al. 1981
  5. ^ Landwehr 81, pp. 254, 257; there's a table showing which models for computer security separates protection mechanism and security policy on p. 273

References

  • Houdek, M. E., Soltis, F. G., and Hoffman, R. L. 1981. IBM System/38 support for capability-based addressing. In Proceedings of the 8th ACM International Symposium on Computer Architecture. ACM/IEEE, pp. 341–348.
  • Intel Corporation (2002) The IA-32 Architecture Software Developer’s Manual, Volume 1: Basic Architecture
  • Carl E. Landwehr Formal Models for Computer Security [1] Volume 13, Issue 3 (September 1981) pp. 247 – 278
  • Swift, Michael M; Brian N. Bershad, Henry M. Levy, Improving the reliability of commodity operating systems, [2] ACM Transactions on Computer Systems (TOCS), v.23 n.1, p. 77-110, February 2005
  • Wulf, W.; E. Cohen; W. Corwin; A. Jones; R. Levin; C. Pierson; F. Pollack (June 1974). "HYDRA: the kernel of a multiprocessor operating system". Communications of the ACM. 17 (6): 337–345. doi:10.1145/355616.364017. ISSN 0001-0782. S2CID 8011765. [3]


Stub icon

This computer science article is a stub. You can help Wikipedia by expanding it.

This page was last edited on 3 December 2023, at 18:25
Basis of this page is in Wikipedia. Text is available under the CC BY-SA 3.0 Unported License. Non-text media are available under their specified licenses. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc. WIKI 2 is an independent company and has no affiliation with Wikimedia Foundation.
Contact WIKI 2
Introduction
Terms of Service
Privacy Policy