8.1 Security Goals
8.2 Security Architectures
8.2.1 Access Control in Traditional Systems
8.2.2 Mandatory Access Control
8.2.3 Capability Systems
Security is clearly an important area. Even when we restrict its scope to computer systems, it's a very broad area. In this chapter we cover a rather narrow but essential aspect of computer security — operating-system support for security. This entails not just making the operating system itself secure, but facilitating the writing of secure applications.
The ultimate security goal for any system is that the system does exactly what it's supposed to do — no more and no less. We can divide this rather concise specification into three related areas: confidentiality, integrity, and availability. Confidentiality is prevention of unauthorized or unintended disclosure of information. Integrity involves making sure that information (including executable code) stored on a system isn't tampered with, augmented, or deleted, either without authorization or unintendedly. Availability is the assurance that a system can always perform its intended function.
A system without proper integrity controls certainly can't provide confidentiality — the confidentiality controls could be tampered with because of the lack of integrity. Similarly, a system without good confidentiality controls might well not be able to provide integrity: passwords for system accounts might be easily ...