A model implementation for protective domains

A combination hardware/software mechanism is presented which supports very general capabilities for the protection of and controlled access to sharable information structures. It is defined through symbolic algorithms in terms of the dedicated model hardware. The model centers on two key concepts, that of thetenant, who is a storage holding entity, and that of thedomain, which is an information accessing entity. The domain, defined as a capsular collection of mutually accessible information structures having a single common external protective interface, is an integral part of the hardware logic. It is contended that the definition of a mechanism to enforce access authorizations must include an underlying philosophy specifying the conditions under which such access authorizations may be granted. Such a philosophy is suggested. It is based on theprinciple of ownership according to which any area of storage is at all times held by a single tenant who has the exclusive right to grant/revoke access privileges to his proprietary information structures, i.e., information residing in proprietary storage.This is an extensively revised version of a paper presented under the title A Computer System Model for Controlled Sharing of Information at ONLINE72, September 1972, Brunel University, Uxbridge, Middlesex, England. Republished by permission of ONLINE72.Work reported in this paper is of a theoretical nature and may not be construed to imply any product commitment by the Digital Equipment Corporation, Maynard, Massachusetts.