Notes for November 13, 1998

  1. Greetings and Felicitations!
  2. Puzzle of the Day
  3. Privilege in OSes
    1. None (original IBM OS; protect with password, or anyone can read it)
    2. Fence, base and bounds registers; relocation
    3. Tagged architectures
    4. Memory management based schemes: segmentation, paging, and paged segmentation
  4. User identification
    1. Go through UNIX idea of "real", "effective", "saved", "audit"
    2. Go through notion of "role" accounts; cite Secure Xenix, DG, etc.
    3. Go through PPNs (TOPS-10) and groups
    4. Review least privilege
  5. Privilege in Languages
    1. Nesting program units
    2. Temporary upgrading of privileges
  6. Different forms of access control
    1. UNIX method
    2. ACLs: describe, revocation issue
    3. MULTICS rings: (b1, b2) access bracket - can access freely; (b2, b3) call bracket - can call segment through gate; so (4, 6, 9) as example
    4. Capabilities: file descriptors in UNIX

You can also see this document in its native format, in Postscript, in PDF, or in ASCII text.
Send email to cs153@csif.cs.ucdavis.edu.

Department of Computer Science
University of California at Davis
Davis, CA 95616-8562


Page last modified on 11/13/98