Protection Errors in Operating Systems: Serialization

Abstract

This document describes a class of protection errors found in current computer operating systems. It is intended primarily for persons responsible for improving security aspects of existing operating system software. The term 'protection evaluation' here denotes a search for errors based only on static information about a target operating system, primarily program listings but possibly other system documentation as well. These static methods are intended to complement dynamic methods such as testing, auditing, and penetration attempts. The report deals with a class of errors initially identified empirically. The class formed itself around a group of protection errors (within a larger collection) having the common characteristic of involving operations or accesses occurring in the wrong order or at the wrong times relative to others. In its broadest sense, it includes a large proportion of all programming errors: those having to do with improper ordering or scheduling of 'operations'; in a narrower sense, it includes only those errors resulting from improper ordering of accesses to objects accessible by potentially concurrent operations.

Document Details

Document Type
Technical Report
Publication Date
Apr 01, 1978
Accession Number
ADA055375

Entities

People

  • Jim Carlstedt

Organizations

  • University of Southern California

Tags

DTIC Thesaurus Topics

  • Abstracts
  • Computer Programming
  • Computer Programs
  • Computer Science
  • Computers
  • Cybersecurity
  • Databases
  • Information Science
  • Language
  • Models
  • Operating Systems
  • Petri Nets
  • Phase Transformations
  • Programming Languages
  • Scheduling (Production)
  • Security
  • System Software

Fields of Study

  • Engineering

Readers

  • Applied Combinatorial Optimization and Logic Circuit Design.
  • Cybersecurity.
  • Parallel and Distributed Computing.