Protection Errors in Operating Systems: Validation of Critical Conditions

Abstract

This report describes a class of operating system protection errors known as 'insufficient validation of critical conditions,' or simply 'validation errors,' and outlines a scheme for finding them. This class of errors is recognized as a very broad one, lying outside the scope of the basic protection mechanisms of existing systems; the extent of the problem is illustrated by a set of validation errors taken from current systems. Considerations for validity conditions and their attachment to variables and to various types of control points in procedures are explored, and categories of validation methods noted. The notion of criticality itself is analyzed, and criteria suggested for determining which variables and control points are most critical in the protection sense. Because a search for validation errors can involve substantial information processing, the report references existing or developing tools and techniques applicable to this task. (Author)

Document Details

Document Type
Technical Report
Publication Date
May 01, 1976
Accession Number
ADA026442

Entities

People

  • Jim Carlstedt

Organizations

  • University of Southern California

Tags

Communities of Interest

  • C4I

DTIC Thesaurus Topics

  • Abstracts
  • California
  • Computer Access Control
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Information Processing
  • Information Science
  • Language
  • Operating Systems
  • Programming Languages
  • Security
  • System Software
  • Universities
  • Validation

Readers

  • Cybersecurity
  • Instructional Design and Training Evaluation
  • Mathematical Modeling and Probability Theory