----------------------------------------------------------------------------
Advance OS: Paper Summary 10/10
Tadashi Okoshi (slash@cs.cmu.edu)

The Protection of Information in Computer Systems

This paper describes how mechanisms for sharing information under authorization can be achieved. It first observes the issues, specifies several levels of functional goal for information sharing, proposes several design principles, details the design of mechanisms for each level of functional goal, and mentions further research areas.

[Important points]

1. This paper divides the functional goal of protecting computer-stored information into several levels: (1) unprotected systems, (2) all-or-nothing systems, (3) controlled sharing, and (4) user-programmed sharing controls, followed by designs of mechanisms for each level. As an "All-or-nothing system", the authors propose the "Isolated Virtual Machine", in which a privileged state bit and a descriptor register protect memory from access across the boundary. As examples of "Controlled sharing", the authors propose two systems, the "Capability system" and the "ACL system". As "User-programmed sharing controls", which realize more dynamic and flexible protection than the level (3) systems, they introduce the notion of a "protected subsystem", in which the data protection mechanism itself is user-programmable software.

2. The authors introduce several design principles for information protection mechanisms, drawn from previous experience: (1) economy of mechanism, (2) fail-safe defaults, (3) complete mediation, (4) open design, (5) separation of privilege, (6) least privilege, (7) least common mechanism, and (8) psychological acceptability. The detailed designs in the later part of the paper make decisions according to these principles several times.

3. The authors mention several further research topics in the area of information protection at the end of the paper: (1) certification of correctness, (2) invulnerability to a single fault, (3) constraints on information after release, (4) encipherment of information, and (5) improvement of authentication.

[Deficiency]

If I specify a deficiency of this paper in terms of its construction, the paper should be more compact, according to one principle of paper writing: "Less is more."

[For building system]

This paper told me the importance of designing mechanisms incrementally, from a basic mechanism with simple functionality to a complex mechanism with additional functionalities. The authors divided the functional goal into several levels and realized them one by one. With the design principles, such as "Least privilege", they first realized "protection" and then realized "controlled sharing". These design steps told me the importance of incremental design.
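The two "Controlled sharing" mechanisms in point 1 (the ACL system and the Capability system), checked against the fail-safe default, complete mediation and least privilege principles in point 2, as an added example that is not from the paper or this summary. The principal and object names are constructed sample data, and the single `access()` mediation point is an assumed toy design, not the paper's.

```python
"""Added example: a toy reference monitor that enforces one policy two ways,
as an access control list (ACL) per object and as a capability list per
principal. Every access goes through access() (complete mediation) and
anything not explicitly granted is denied (fail-safe default).
Principals, objects and operations below are constructed sample data."""
from dataclasses import dataclass

READ, WRITE = "read", "write"

class AccessDenied(PermissionError):
    pass

# ACL system: object -> {principal: set of permitted operations}
ACL = {
    "payroll.db": {"alice": {READ, WRITE}, "bob": {READ}},
    "notes.txt": {"bob": {READ, WRITE}},
}

def acl_check(acl: dict, principal: str, obj: str, op: str) -> bool:
    """Fail-safe default: an unknown object, an unlisted principal, or an
    operation not in the entry all fall through to deny (False)."""
    return op in acl.get(obj, {}).get(principal, set())

@dataclass(frozen=True)
class Capability:
    obj: str
    ops: frozenset

    def attenuate(self, ops) -> "Capability":
        """Least privilege: derive a weaker capability, never a stronger one."""
        return Capability(self.obj, self.ops & frozenset(ops))

def caps_from_acl(acl: dict) -> dict:
    """Capability system view of the same policy: principal -> [Capability]."""
    caps = {}
    for obj, entries in acl.items():
        for principal, ops in entries.items():
            caps.setdefault(principal, []).append(Capability(obj, frozenset(ops)))
    return caps

def cap_check(caps: dict, principal: str, obj: str, op: str) -> bool:
    """A principal holding no matching capability is denied by default."""
    return any(c.obj == obj and op in c.ops for c in caps.get(principal, []))

def access(checker, store, principal: str, obj: str, op: str) -> str:
    """The single mediation point: every request is decided here, and a
    request the checker does not explicitly grant raises AccessDenied."""
    if not checker(store, principal, obj, op):
        raise AccessDenied(f"{principal} may not {op} {obj}")
    return f"{principal} {op} {obj}: ok"
```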