The Protection of Information in Computer Systems

Missives to the Past

I have made a seemingly negative remark on this seminal paper by Saltzer and Schroeder. The paper is very significant to me as it largely represents the conventional wisdom of 1975. Indeed this paper is the only introduction, on this site, to many vital protection concepts. I was largely in the same mind frame as the authors then. The paper was published the same year that the Gnosis project was first funded. We then had insights as to the solutions of some of the problems of capability systems described in the paper but they had not yet been described clearly, orally or on paper.

Several years passed before it was necessary to make the solution to these problems explicit. Perhaps the most important problem to be solved was the confinement problem. That solution and some background is described here.

The paper describes classical hardware protection mechanisms and their rationale which remain important sources of ideas. Many current Computer Science graduates are unaware of these issues, let alone their solutions.

I can only say that I wish that the notes at this site showed half the signs of careful scholarship and sound pedagogy of the Saltzer-Schroeder paper. The paper describes many of the problems that we address here better than we do.

This seems to be a pdf-ified form of my transcription and here is another html version at MIT, derived from mine, but with improved figures, which I subsequently borrowed.