An abstract from “Protection Analysis: Final Report”

Published by Juan Mosso on

The Protection Analysis project was initiated at ISI by ARPA IPTO to further understand operating system security vulnerabilities and, where possible, identify automatable techniques for detecting such vulnerabilities in existing system software. The primary goal of the project was to make protection evaluation both more effective and more economical by decomposing it into more manageable and methodical subtasks so as to drastically reduce the requirement for protection expertise and make it as independent as possible of the skills and motivation of the actual individuals involved. The project focused on near-term solutions to the problem of improving the security of existing and future operating systems in an attempt to have some impact on the security of the systems which would be in use over the next ten years.

A general strategy was identified, referred to as “pattern-directed protection evaluation” and tailored to the problem of evaluating existing systems. The approach provided a basis for categorizing protection errors according to their security-relevant properties; it was successfully applied for one such category to the MULTICS operating system, resulting in the detection of previously unknown security vulnerabilities.

References

Richard Bisbey II and Dennis Hollingworth, Protection Analysis: Final Report, ISI/SR-78-13, USC/Information Sciences Institute, Marina Del Rey, CA 90291 (May 1978).

https://csrc.nist.gov/CSRC/media/Publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/early-cs-papers-1970-1985.pdf

Related papers

Richard Bisbey II, Gerald Popek, and James Carlstedt, “Protection Errors in Operating Systems: Inconsistency of a Single Data Value Over Time,” ISI/SR-75-4, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (Dec. 1975).

Richard Bisbey II et al., “Data Dependency Analysis,” ISI/RR-76-45, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (Feb. 1976).

James Carlstedt et al., “Pattern Directed Protection Evaluation,” ISI/RR-75-31, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (June 1975).

James Carlstedt, “Protection Errors in Operating Systems: Validation of Critical Conditions,” ISI/SR-76-5, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (May 1976).

James Carlstedt, “Protection Errors in Operating Systems: A Selected Annotated Bibliography and Index to Terminology,” ISI/SR-78-10, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (Jan. 1978).

James Carlstedt, “Protection Errors in Operating Systems: Serialization,” ISI/SR-78-9, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (Apr. 1978).

Dennis Hollingworth and Richard Bisbey II, “Protection Errors in Operating Systems: Allocation/Deallocation Residuals,” ISI/SR-76-7, University of Southern California/Information Sciences Institute, Marina Del Rey, CA 96291 (June 1976).

Peter G. Neumann, “Computer Security Evaluation,” 1978 National Computer Conference, AFIPS Conference Proceedings 47, pp. 1087–1095 (1978).