In computer science, the separation of protection and security is a design choice. Wulf et al. identified protection as a mechanism and security as a policy,[Wulf 74 pp.337-345] therefore making the protection-security distinction a particular case of the separation of mechanism and policy principle. Many frameworks consider both as security controls of varying types. For example, protection mechanisms would be considered technical controls, while a policy would be considered an administrative control.
Overview
The adoption of this distinction in a computer architecture usually means that protection is provided as a fault tolerance mechanism by hardware/firmware and kernel, whereas the operating system and applications implement their security policies. In this design, security policies therefore rely on the protection mechanisms and on additional cryptography techniques.
The major hardware approach[Swift 2005 p.26] for security or protection is the use of hierarchical protection domains. A prominent example of this approach is the ring architecture with "supervisor mode" and "user mode". Such an approach adopts a policy already at the lower levels (hardware/firmware/kernel), restricting the rest of the system to rely on it. Therefore, the choice to distinguish between protection and security in the overall architecture design implies rejection of the hierarchical approach in favour of another one, capability-based addressing.
Examples of models with protection and security separation include access matrix, UCLA Data Secure Unix, take-grant and filter. Such separation is not found in models like high-water mark, Bell–LaPadula (original and revisited), information flow, strong dependency and constraints.[Landwehr 81, pp. 254, 257; there is a table showing which models for computer security separate protection mechanism and security policy on p. 273]
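The two paragraphs above describe the distinction abstractly: a kernel that only enforces rights, with the decision of who holds which rights made above it, versus a ring design that fixes a policy in the mechanism itself. The following is an added example written for this page, not code from the article or from any cited work. It builds a toy access matrix kernel (the reference-monitor style mechanism of the access matrix model) and layers two unrelated policies over it without touching the kernel, then places a ring-style kernel beside it whose policy cannot be changed without changing the mechanism. All subject, object and role names are constructed for the demonstration.

```python
# Added example, not code from the article or from any cited work: a toy
# protection mechanism (an access matrix with a reference-monitor check) and
# two different security policies layered over it, next to a ring-style
# design in which the policy is baked into the mechanism. All subject, object
# and role names are constructed for the demonstration.
from typing import Dict, Set, Tuple

Cell = Tuple[str, str]  # (subject, object)


class AccessMatrixKernel:
    """Protection mechanism only: it stores rights and enforces them.

    The kernel never decides who *should* hold a right; that decision is
    a security policy, made above it, and recorded here with grant/revoke.
    """

    def __init__(self) -> None:
        self._matrix: Dict[Cell, Set[str]] = {}

    def grant(self, subject: str, obj: str, right: str) -> None:
        self._matrix.setdefault((subject, obj), set()).add(right)

    def revoke(self, subject: str, obj: str, right: str) -> None:
        self._matrix.get((subject, obj), set()).discard(right)

    def holds(self, subject: str, obj: str, right: str) -> bool:
        return right in self._matrix.get((subject, obj), set())

    def access(self, subject: str, obj: str, right: str) -> str:
        """Every access is mediated by the same check, whatever the policy."""
        if not self.holds(subject, obj, right):
            raise PermissionError(f"{subject} lacks '{right}' on {obj}")
        return f"{subject} {right} {obj}"


# Two policies expressed over the same mechanism. Swapping one for the other
# changes no kernel code, only which cells of the matrix get filled.

def owner_policy(kernel: AccessMatrixKernel, owners: Dict[str, str]) -> None:
    """Discretionary policy: the owner of an object gets read and write."""
    for obj, owner in owners.items():
        kernel.grant(owner, obj, "read")
        kernel.grant(owner, obj, "write")


def role_policy(kernel: AccessMatrixKernel,
                roles: Dict[str, Set[Tuple[str, str]]],
                assignments: Dict[str, Set[str]]) -> None:
    """Role-based policy: rights come from a subject's roles, not ownership."""
    for subject, held in assignments.items():
        for role in held:
            for obj, right in roles.get(role, set()):
                kernel.grant(subject, obj, right)


class RingKernel:
    """Hierarchical alternative: the policy lives inside the mechanism.

    'supervisor' mode may do anything and 'user' mode may only read (a toy
    rule). Any other policy needs a change to the kernel itself, which is
    what the article means by a design that adopts a policy at the lower levels.
    """

    def holds(self, mode: str, obj: str, right: str) -> bool:
        return mode == "supervisor" or right == "read"


def demo() -> Dict[str, bool]:
    """Run both policies over the matrix kernel, with the ring kernel beside them."""
    owners = {"/etc/shadow": "root", "/home/alice/notes": "alice"}  # constructed

    dac = AccessMatrixKernel()
    owner_policy(dac, owners)
    denied = False
    try:
        dac.access("bob", "/etc/shadow", "read")  # bob owns nothing here
    except PermissionError:
        denied = True

    rbac = AccessMatrixKernel()
    roles = {"auditor": {("/etc/shadow", "read")}}  # constructed role table
    role_policy(rbac, roles, {"bob": {"auditor"}})
    bob_reads_before = rbac.holds("bob", "/etc/shadow", "read")
    rbac.revoke("bob", "/etc/shadow", "read")  # policy change, no kernel change

    ring = RingKernel()
    return {
        "dac_owner_reads_own_file": dac.holds("alice", "/home/alice/notes", "read"),
        "dac_bob_reads_shadow": dac.holds("bob", "/etc/shadow", "read"),
        "dac_access_denied_raises": denied,
        "rbac_bob_reads_shadow": bob_reads_before,
        "rbac_bob_writes_shadow": rbac.holds("bob", "/etc/shadow", "write"),
        "rbac_bob_reads_after_revoke": rbac.holds("bob", "/etc/shadow", "read"),
        "ring_user_reads_anything": ring.holds("user", "/etc/shadow", "read"),
        "ring_user_writes_shadow": ring.holds("user", "/etc/shadow", "write"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The point to take from the two kernels is where a policy change lands: with the access matrix kernel, moving from the owner policy to the role policy (or revoking one right) is done entirely above the mechanism, whereas with the ring kernel any change in what "user" mode may do is a change to the mechanism itself.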
See also
* Capability-based addressing
* Computer security policy
Notes
References
* Houdek, M. E., Soltis, F. G., and Hoffman, R. L. 1981. "IBM System/38 support for capability-based addressing". In Proceedings of the 8th ACM International Symposium on Computer Architecture. ACM/IEEE, pp. 341–348.
* Intel Corporation (2002). "The IA-32 Architecture Software Developer's Manual, Volume 1: Basic Architecture".
* Carl E. Landwehr. "Formal Models for Computer Security". Volume 13, Issue 3 (September 1981), pp. 247–278.
* Swift, Michael M.; Bershad, Brian N.; Levy, Henry M. "Improving the reliability of commodity operating systems". ACM Transactions on Computer Systems (TOCS), v.23 n.1, pp. 77–110, February 2005.