The Full Wiki

Separation of protection and security: Wikis


Note: Many of our articles have direct quotes from sources you can cite, within the Wikipedia article! This article doesn't yet, but we're working on it! See more info or our list of citable articles.


From Wikipedia, the free encyclopedia

In computer sciences the separation of protection and security is a design choice. Wulf et al. identified protection as a mechanism and security as a policy,[1] therefore making the protection-security distinction as a particular case of the separation of mechanism and policy principle.



The adoption of this distinction in a computer architecture, usually means that protection is provided as a fault tolerance mechanism by hardware/firmware and kernel, whereas the operating system and applications implement their security policies. In this design, security policies rely therefore on the protection mechanisms and on additional cryptography techniques.

The major hardware approach[2] for security or protection is the use of hierarchical protection domains. Prominent example of this approach is ring architecture with "supervisor mode" and "user mode")[3]. Such approach adopts a policy already at the lower levels (hw/firmware/kernel), restricting the rest of the system to rely on it. Therefore, the choice to distinguish between protection and security in the overall architecture design implies rejection of the hierarchical approach in favour of another one, the capability-based addressing.[1][4]

Design models with the separation

The models with the protection and security separation are: access matrix, UCLA Data Secure Unix, take-grant and filter.

Design models without the separation

The models without such separation are: high-water mark, Bell and LaPadula (original and revisited), information flow, strong dependency and constraints.[5]


  1. ^ a b Wulf 74 pp.337-345
  2. ^ Swift 2005 p.26
  3. ^ Intel Corporation 2002
  4. ^ Houdek et al. 1981
  5. ^ Landwehr 81, pp. 254, 257; there's a table showing which models for computer security separates protection mechanism and security policy on p. 273


See also



Got something to say? Make a comment.
Your name
Your email address