computer sciences Computer science is the study of computation, automation, and information. Computer science spans theoretical disciplines (such as algorithms, theory of computation, information theory, and automation) to practical disciplines (including ...

, the separation of protection and security is a

design A design is a plan or specification for the construction of an object or system or for the implementation of an activity or process or the result of that plan or specification in the form of a prototype, product, or process. The verb ''to design'' ...

choice. Wulf et al. identified

protection Protection is any measure taken to guard a thing against damage caused by outside forces. Protection can be provided to physical objects, including organisms, to systems, and to intangible things like civil and political rights. Although th ...

as a

mechanism Mechanism may refer to: * Mechanism (engineering), rigid bodies connected by joints in order to accomplish a desired force and/or motion transmission *Mechanism (biology), explaining how a feature is created *Mechanism (philosophy), a theory that ...

and

security" \n\n\nsecurity.txt is a proposed standard for websites' security information that is meant to allow security researchers to easily report security vulnerabilities. The standard prescribes a text file called \"security.txt\" in the well known locat ...

as a

policy Policy is a deliberate system of guidelines to guide decisions and achieve rational outcomes. A policy is a statement of intent and is implemented as a procedure or protocol. Policies are generally adopted by a governance body within an orga ...

,Wulf 74 pp.337-345 therefore making the protection-security distinction a particular case of the

separation of mechanism and policy The separation of mechanism and policy is a design principle in computer science. It states that mechanisms (those parts of a system implementation that control the authorization of operations and the allocation of resources) should not dictate ( ...

principle. Many frameworks consider both as

security controls Security controls are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the c ...

of varying types. For example, protection mechanisms would be considered technical controls, while a policy would be considered an administrative control.

Overview

The adoption of this distinction in a

computer architecture In computer engineering, computer architecture is a description of the structure of a computer system made from component parts. It can sometimes be a high-level description that ignores details of the implementation. At a more detailed level, t ...

usually means that protection is provided as a

fault tolerance Fault tolerance is the property that enables a system to continue operating properly in the event of the failure of one or more faults within some of its components. If its operating quality decreases at all, the decrease is proportional to the ...

mechanism by hardware/

firmware In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide h ...

and

kernel Kernel may refer to: Computing * Kernel (operating system), the central component of most operating systems * Kernel (image processing), a matrix used for image convolution * Compute kernel, in GPGPU programming * Kernel method, in machine learn ...

, whereas the

operating system An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs. Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...

and

applications Application may refer to: Mathematics and computing * Application software, computer software designed to help the user to perform specific tasks ** Application layer, an abstraction layer that specifies protocols and interface methods used in a c ...

implement their security policies. In this design, security policies rely therefore on the protection mechanisms and on additional

cryptography Cryptography, or cryptology (from grc, , translit=kryptós "hidden, secret"; and ''graphein'', "to write", or ''-logia'', "study", respectively), is the practice and study of techniques for secure communication in the presence of adver ...

techniques. The major hardware approachSwift 2005 p.26 for security or protection is the use of hierarchical protection domains. A prominent example of this approach is the

ring Ring may refer to: * Ring (jewellery), a round band, usually made of metal, worn as ornamental jewelry * To make a sound with a bell, and the sound made by a bell :(hence) to initiate a telephone connection Arts, entertainment and media Film and ...

architecture with "

supervisor mode In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults (by improving fault tolerance) and malicious behavior (by providing computer security). Computer ...

" and "user mode". Such an approach adopts a policy already at the lower levels (hardware/firmware/kernel), restricting the rest of the system to rely on it. Therefore, the choice to distinguish between protection and security in the overall architecture design implies rejection of the hierarchical approach in favour of another one, the

capability-based addressing In computer science, capability-based addressing is a scheme used by some computers to control access to memory as an efficient implementation of capability-based security. Under a capability-based addressing scheme, pointers are replaced by protec ...

. Examples of models with protection and security separation include access matrix, UCLA Data Secure Unix, take-grant and

filter Filter, filtering or filters may refer to: Science and technology Computing * Filter (higher-order function), in functional programming * Filter (software), a computer program to process a data stream * Filter (video), a software component tha ...

. Such separation is not found in models like

high-water mark A high water mark is a point that represents the maximum rise of a body of water over land. Such a mark is often the result of a flood, but high water marks may reflect an all-time high, an annual high (highest level to which water rose that ...

, Bell–LaPadula (original and revisited),

information flow In discourse-based grammatical theory, information flow is any tracking of referential information by speakers. Information may be ''new,'' just introduced into the conversation; ''given,'' already active in the speakers' consciousness; or ''old, ...

, strong dependency and constraints.Landwehr 81, pp. 254, 257; there's a table showing which models for computer security separates protection mechanism and security policy on p. 273

Notes

References

*Houdek, M. E., Soltis, F. G., and Hoffman, R. L. 1981.
IBM System/38 support for capability-based addressing
'. In Proceedings of the 8th ACM International Symposium on Computer Architecture. ACM/IEEE, pp. 341–348. * Intel Corporation (2002)
The IA-32 Architecture Software Developer’s Manual, Volume 1: Basic Architecture
' *Carl E. Landwehr
Formal Models for Computer Security

Volume 13, Issue 3 (September 1981) pp. 247 – 278 * Swift, Michael M; Brian N. Bershad, Henry M. Levy,
Improving the reliability of commodity operating systems
'

ACM Transactions on Computer Systems (TOCS), v.23 n.1, p. 77-110, February 2005 *

Computer security Dichotomies {{comp-sci-stub

Overview

See also

Notes

References