| 翻訳と辞書 |
| Separation of protection and security : ウィキペディア英語版 |
Separation of protection and security
In computer sciences the separation of protection and security is a design choice. Wulf et al. identified protection as a mechanism and security as a policy,〔Wulf 74 pp.337-345〕 therefore making the protection-security distinction a particular case of the separation of mechanism and policy principle.
== Overview ==
The adoption of this distinction in a computer architecture, usually means that protection is provided as a fault tolerance mechanism by hardware/firmware and kernel, whereas the operating system and applications implement their security policies. In this design, security policies rely therefore on the protection mechanisms and on additional cryptography techniques.
The major hardware approach〔Swift 2005 p.26〕 for security or protection is the use of hierarchical protection domains. Prominent example of this approach is ring architecture with "supervisor mode" and "user mode").〔Intel Corporation 2002〕 Such approach adopts a policy already at the lower levels (hardware/firmware/kernel), restricting the rest of the system to rely on it. Therefore, the choice to distinguish between protection and security in the overall architecture design implies rejection of the hierarchical approach in favour of another one, the capability-based addressing.〔〔Houdek et al. 1981〕
Examples of models with protection and security separation include: access matrix, UCLA Data Secure Unix, take-grant and filter. Such separation is not found in models like: high-water mark, Bell–LaPadula (original and revisited), information flow, strong dependency and constraints.〔Landwehr 81, pp. 254, 257; there's a table showing which models for computer security separates protection mechanism and security policy on p. 273〕
抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』
■ウィキペディアで「Separation of protection and security」の詳細全文を読む
スポンサード リンク
| 翻訳と辞書 : 翻訳のためのインターネットリソース |
Copyright(C) kotoba.ne.jp 1997-2016. All Rights Reserved.
|
|