World Library  
Flag as Inappropriate
Email this Article

Separation of protection and security

Article Id: WHEBN0012310990
Reproduction Date:

Title: Separation of protection and security  
Author: World Heritage Encyclopedia
Language: English
Subject: Differentiated security, Separation of mechanism and policy, Dichotomies, Memory protection, Fault tolerance
Publisher: World Heritage Encyclopedia

Separation of protection and security

In computer sciences the separation of protection and security is a design choice. Wulf et al. identified protection as a mechanism and security as a policy,[1] therefore making the protection-security distinction a particular case of the separation of mechanism and policy principle.


The adoption of this distinction in a computer architecture, usually means that protection is provided as a fault tolerance mechanism by hardware/firmware and kernel, whereas the operating system and applications implement their security policies. In this design, security policies rely therefore on the protection mechanisms and on additional cryptography techniques.

The major hardware approach[2] for security or protection is the use of hierarchical protection domains. Prominent example of this approach is ring architecture with "supervisor mode" and "user mode").[3] Such approach adopts a policy already at the lower levels (hardware/firmware/kernel), restricting the rest of the system to rely on it. Therefore, the choice to distinguish between protection and security in the overall architecture design implies rejection of the hierarchical approach in favour of another one, the capability-based addressing.[1][4]

Examples of models with protection and security separation include: access matrix, UCLA Data Secure Unix, take-grant and filter. Such separation is not found in models like: high-water mark, Bell–LaPadula (original and revisited), information flow, strong dependency and constraints.[5]


  1. ^ a b Wulf 74 pp.337-345
  2. ^ Swift 2005 p.26
  3. ^ Intel Corporation 2002
  4. ^ Houdek et al. 1981
  5. ^ Landwehr 81, pp. 254, 257; there's a table showing which models for computer security separates protection mechanism and security policy on p. 273


  • Houdek, M. E., Soltis, F. G., and Hoffman, R. L. 1981. IBM System/38 support for capability-based addressing. In Proceedings of the 8th ACM International Symposium on Computer Architecture. ACM/IEEE, pp. 341–348.
  • Intel Corporation (2002) The IA-32 Architecture Software Developer’s Manual, Volume 1: Basic Architecture
  • Carl E. Landwehr Formal Models for Computer Security [1] Volume 13, Issue 3 (September 1981) pp. 247 – 278
  • Swift, Michael M; Brian N. Bershad, Henry M. Levy, Improving the reliability of commodity operating systems, [2] ACM Transactions on Computer Systems (TOCS), v.23 n.1, p. 77-110, February 2005
  • Feltus, Christophe (2008). "Preliminary Literature Review of Policy Engineering Methods - Toward Responsibility Concept". Proceeding of 3rd international conference on information and communication technologies : from theory to applications (ICTTA 08), Damascus, Syria; Preliminary Literature Review of Policy Engineering Methods - Toward Responsibility Concept. 

See also

This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.