Protection refers to a mechanism for controlling the access of programs,
processes, or users to the resources defined by a computer system. This
mechanism must provide a means for specifying the controls to be imposed,
together with a means of enforcement.

Goals of Protection

  1. Preventing Misuse: Protection mechanisms aim to prevent intentional violations of access restrictions by users. This ensures that users cannot maliciously or inadvertently access resources beyond their privileges.
  2. Enforcing Policies: Protection mechanisms enforce policies governing resource use, which may vary from fixed system designs to policies set by system administrators or individual users. This ensures that resources are used in ways consistent with specified rules and policies.
  3. Improving Reliability: By detecting errors at interfaces between subsystems early, protection mechanisms prevent potential contamination of healthy subsystems by malfunctioning ones. This enhances overall system reliability.
  4. Distinguishing Authorization: Protection mechanisms differentiate between authorized and unauthorized usage of system resources. This is crucial for ensuring that only permitted users or processes can access sensitive or critical resources.

Principles of Protection

  1. Principle of Least Privilege: A fundamental principle guiding protection mechanisms is to grant programs, users, and systems the minimum privileges necessary to perform their tasks. This minimizes potential damage in case of a security breach or compromise.
    • Example: Analogously, a security guard whose passkey opens only the public areas poses far less risk if the key is lost or stolen than a guard whose passkey opens every door.
  2. Implementation Details:
    • Mechanisms vs. Policies: Mechanisms (how something is done) are separated from policies (what should be done), ensuring flexibility to adapt policies without needing to overhaul underlying mechanisms.
    • Fine-grained Access Control: Operating systems should provide mechanisms for fine-grained access control, enabling privileges only when needed and auditing privileged actions.
  3. Managing Users: Following the principle of least privilege involves creating separate accounts with minimal necessary privileges for each user. This prevents users from accessing resources they don’t need for their tasks.
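To make the mechanism/policy split and least privilege concrete, here is an added example (not part of the original notes): a small reference monitor in Python that enforces whatever access matrix it is given and audits privileged actions. The paths, service accounts, and the set of privileged operations are constructed for illustration.

```python
from dataclasses import dataclass, field

PRIVILEGED_OPS = {"chmod", "chown"}  # constructed: actions always written to the audit trail


class AccessDenied(PermissionError):
    """Raised when a request falls outside the principal's protection domain."""


@dataclass
class ProtectionDomain:
    """Policy: the rights one principal holds on each object (a row of the access matrix)."""
    name: str
    rights: dict  # object name -> frozenset of allowed operations


@dataclass
class ReferenceMonitor:
    """Mechanism: enforces any policy it is handed and records its decisions."""
    policy: dict  # principal -> ProtectionDomain
    audit: list = field(default_factory=list)

    def check(self, principal: str, obj: str, op: str) -> bool:
        domain = self.policy.get(principal)
        allowed = domain is not None and op in domain.rights.get(obj, frozenset())
        if not allowed:
            self.audit.append(f"DENY  {principal} {op} {obj}")
            raise AccessDenied(f"{principal} may not {op} {obj}")
        if op in PRIVILEGED_OPS:  # fine-grained control: privileged actions are audited
            self.audit.append(f"ALLOW {principal} {op} {obj}")
        return True


# Constructed sample policy: each service account holds only the rights its job needs.
LEAST_PRIVILEGE_POLICY = {
    "web": ProtectionDomain("web", {
        "/var/www": frozenset({"read"}),
        "/var/log/web": frozenset({"append"}),
    }),
    "backup": ProtectionDomain("backup", {
        "/var/www": frozenset({"read"}),
        "/var/db": frozenset({"read"}),
        "/mnt/backup": frozenset({"write", "chmod"}),
    }),
}


def simulate(policy, requests):
    """Run (principal, object, op) requests; return (granted, denied, audit trail)."""
    monitor = ReferenceMonitor(policy)
    granted, denied = [], []
    for principal, obj, op in requests:
        try:
            monitor.check(principal, obj, op)
            granted.append((principal, obj, op))
        except AccessDenied:
            denied.append((principal, obj, op))
    return granted, denied, monitor.audit
```

Because the monitor never hard-codes rights, tightening or loosening the policy is a data change only; a compromised `web` worker trying to read `/var/db` is denied and logged without any change to the mechanism.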