Paper: Guest Editorial on Open Systems and Security


Abstract

An “open system” is one which can be extended or adapted by users writing their own commands, or altering parts of programs traditionally seen as part of the operating system, such as command interpreters. The ability of users to modify these systems so extensively creates a tension with the needs of security; specifically, there is an apparent conflict between ease of change and protection boundaries. If a user wants more rights, why not simply write a program that uses those rights, and replace the relevant parts of the security mechanism with that program?

As readers know, this rarely works, because the enforcement mechanisms are themselves protected from modification. (The major exception to this rule is personal computers.) Determining what the security mechanisms should allow (and prevent) requires a very clear understanding of the security policy desired; protecting those mechanisms adequately, and through them the system and its users, requires a trustworthy implementation of both the security mechanisms and those mechanisms’ protections. Papers in this special issue touch upon these themes.

Notice

©1994 by Matt Bishop. The definitive version was published in Computing Systems, Winter 1994, and is available at https://www.usenix.org/legacy/publications/compsystems/1994/win_guested.pdf.