Notes for November 15, 1999

1. Greetings and Felicitations!
2. Puzzle of the Day
3. User identification
   a. Go through UNIX idea of "real", "effective", "saved", "audit"
   b. Go through notion of "role" accounts; cite Secure Xenix, DG, etc.
   c. Go through PPNs (TOPS-10) and groups
   d. Review least privilege
4. Notion of "privilege"
   a. Identity
   b. Functionality
   c. Granularity
5. Privilege in OSes
   a. None (original IBM OS; protect with password, or anyone can read it)
   b. Fence, base and bounds registers; relocation
   c. Tagged architectures
   d. Memory management based schemes: segmentation, paging, and paged segmentation
6. Different forms of access control
   a. UNIX method
   b. ACLs: describe, revocation issue
   c. MULTICS rings: (b1, b2) access bracket - can access freely; (b2, b3) call bracket - can call segment through gate; so (4, 6, 9) as example