2.4 Access Control Strategies

Even though the Morris worm attacked systems that implemented many access control mechanisms, these did not halt the worm’s spread. To understand why, we need to examine those mechanisms. First, we look at the general problem of access control. Computer-based access control falls into four categories that correspond to these real-world situations:

  1. Islands: A potentially hostile process is marooned on an island. The process can only use resources brought to it.

  2. Vaults: A process has the right to use certain resources within a much larger repository. The process must ask for access to the resources individually, and the system checks its access permissions on a case-by-case basis.

  3. Puzzles: A process uses secret ...

Get Elementary Information Security, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial