Notes for November 13, 1998

1.	Greetings and Felicitations!

2.	Puzzle of the Day

3.	Privilege in OSes

a.	None (original IBM OS; protect with password, or anyone can read it)

b.	Fence, base and bounds registers; relocation

c.	Tagged architectures

d.	Memory management based schemes: segmentation, paging, and paged segmentation

4.	 User identification

a.	Go through UNIX idea of "real", "effective", "saved", "audit"

b.	Go through notion of "role" accounts; cite Secure Xenix, DG, etc.

c.	Go through PPNs (TOPS-10) and groups

d.	Review least privilege

5.	Privilege in Languages

a.	Nesting program units

b.	Temporary upgrading of privileges

6.	Different forms of access control

a.	UNIX method

b.	ACLs:  describe, revocation issue

c.	MULTICS rings: (b1, b2) access bracket - can access freely; (b2, b3) call bracket - can call segment through 
gate; so (4, 6, 9) as example

d.	Capabilities: file descriptors in UNIX