
The Protection of Information

September 14, 2013

Posted by Marybeth in Security.

This article focuses on the use of a computer by multiple users. Methods have always been needed to ensure that the computer system implements the correct authority structure for applications in which the users do not all have the same permissions. The article identifies potential security violations in three categories: unauthorized information release, unauthorized information modification, and unauthorized denial of service (an intruder prevents an authorized user from referring to or modifying information). The paper concentrates on protection and authentication mechanisms and lists some ways of protecting systems. These mechanisms include labeling files with lists of authorized users and verifying the identity of a prospective user by demanding a password. Labeling a file with a list of authorized users might be an open invitation to someone looking for a file to gain access to: if a file lists top management as the only ones with access to it, it might be targeted by someone looking for information to steal. With the development of password-cracking software, passwords are an extremely weak way to protect against unauthorized use, and stronger methods are needed in today’s world.

Computer protection mechanisms, which control access to information by executing programs, were also a focal point of the article. The four levels of functional goals for a protection system were identified as all-or-nothing systems, controlled sharing, user-programmed sharing controls, and putting strings on information. At all of these levels, the requirement to deal with changes in access authorization was a large impediment. Authentication mechanisms (systems that verify a user’s identity) have greatly improved with advances in technology, though.

 Reference

 [1] Saltzer, Jerome and Schroeder, Michael D. “The Protection of Information in Computer Systems”. Proceedings of the IEEE, Volume 63, Issue 9, Sept. 1975, pp. 1278–1308.

 
