Separation of mechanism and policy: Difference between revisions

Content deleted Content added

Inline

Revision as of 10:28, 19 July 2007

The principle Separation of mechanism^[1] and policy has several uses in the field of Computer science.

The separation of mechanism and policy is the fundamental approach of a micro kernel that distinguishes it from a monolithic one. In a microkernel the majority of operating system services are provided by user-level server processes.^[2] It is considered important for an operating system to have the flexibility of providing adequate mechanisms to support the broadest possible spectrum of real-world security policies.^[3]

Per Brinch Hansen presented cogent arguments in favor of separation of mechanism and policy.^[4]^[5]

Artsy, in a 1987 paper, discussed an approach for an operating system design having an "extreme separation of mechanism and policy".^[6]^[7]

In a 200 article, Chervenak et al described the principles of mechanism neutrality and policy neutrality.^[8]

Notes

^ Butler W. Lampson and Howard E. Sturgis. Reflections on an Operating System Design [1] Communications of the ACM 19(5):251-265 (May 1976)
^ Raphael Finkel, Michael L. Scott, Artsy Y. and Chang, H. [www.cs.rochester.edu/u/scott/papers/1989_IEEETSE_Charlotte.pdf Experience with Charlotte: simplicity and function in a distributed operating system]. IEEE Trans. Software Engng 15:676-685; 1989. Extended abstract presented at the IEEE Workshop on Design Principles for Experimental Distributed Systems, Purdue University; 1986.
^ R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, and J. Lepreau The Flask Security Architecture: System Support for Diverse Security Policies In Proceedings of the Eighth USENIX Security Symposium, pages 123–139, Aug. 1999.
^ Wulf 74 pp.337-345
^ Brinch Hansen 70 pp.238-241
^ Miller, M. S., & Drexler, K. E. (1988). Markets and computation: Agoric open systems. In Huberman (1988), pp. 133{176. (Huberman, B. A. (Ed.). (1988). The Ecology of Computation. North-Holland.)
^ Artsy, Yeshayahu et al, 1987
^ Chervenak 2000 p.2

References

Per Brinch Hansen (2001). "The evolution of operating systems" (pdf). Retrieved 2006-10-24. {{cite journal}}: Cite journal requires |journal= (help) included in book: Per Brinch Hansen (ed.). "1". Classic operating systems: from batch processing to distributed systems. New York,: Springer-Verlag. pp. 1–36. ISBN 0-387-95113-X. {{cite book}}: External link in |chapterurl= (help); Unknown parameter |chapterurl= ignored (|chapter-url= suggested) (help); Unknown parameter |origdate= ignored (|orig-date= suggested) (help)CS1 maint: extra punctuation (link) (p.18)
Wulf, W. (1974). "HYDRA: the kernel of a multiprocessor operating system". Communications of the ACM. 17 (6): 337–345. ISSN 0001-0782. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help) (pp.337-345)
Hansen, Per Brinch (1970). "The nucleus of a Multiprogramming System". Communications of the ACM. 13 (4): 238–241. ISSN 0001-0782. {{cite journal}}: Unknown parameter |month= ignored (help) (pp.238-241)
Levin, R. (1975). "Policy/mechanism separation in Hydra". ACM Symposium on Operating Systems Principles / Proceedings of the fifth ACM symposium on Operating systems principles: 132–140. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help)
Chervenak et al The data grid Journal of Network and Computer Applications, Volume 23, Issue 3, July 2000, Pages 187-200
Artsy, Yeshayahu, and Livny, Miron, An Approach to the Design of Fully Open Computing Systems (University of Wisconsin / Madison, March 1987) Computer Sciences Technical Report #689.
Wulf, W. (1974). "HYDRA: the kernel of a multiprocessor operating system". Communications of the ACM. 17 (6): 337–345. ISSN 0001-0782. {{cite journal}}: Unknown parameter |coauthors= ignored (|author= suggested) (help); Unknown parameter |month= ignored (help)

External links

This computer science article is a stub. You can help Wikipedia by expanding it.

[1] Butler W. Lampson and Howard E. Sturgis. Reflections on an Operating System Design [1] Communications of the ACM 19(5):251-265 (May 1976)

[2] Raphael Finkel, Michael L. Scott, Artsy Y. and Chang, H. [www.cs.rochester.edu/u/scott/papers/1989_IEEETSE_Charlotte.pdf Experience with Charlotte: simplicity and function in a distributed operating system]. IEEE Trans. Software Engng 15:676-685; 1989. Extended abstract presented at the IEEE Workshop on Design Principles for Experimental Distributed Systems, Purdue University; 1986.

[3] R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, and J. Lepreau The Flask Security Architecture: System Support for Diverse Security Policies In Proceedings of the Eighth USENIX Security Symposium, pages 123–139, Aug. 1999.

[Wulf74-4] Wulf 74 pp.337-345

[Hansen70-5] Brinch Hansen 70 pp.238-241

[6] Miller, M. S., & Drexler, K. E. (1988). Markets and computation: Agoric open systems. In Huberman (1988), pp. 133{176. (Huberman, B. A. (Ed.). (1988). The Ecology of Computation. North-Holland.)

[7] Artsy, Yeshayahu et al, 1987

[8] Chervenak 2000 p.2

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

@@ Line 27: / Line 27: @@
 *Artsy, Yeshayahu, and [http://pages.cs.wisc.edu/~miron/ Livny, Miron], An Approach to the Design of Fully Open Computing Systems (University of Wisconsin / Madison, March 1987) Computer Sciences Technical Report #689.
 * {{cite journal |last=Wulf |first=W. |authorlink=William Wulf |coauthors=E. Cohen, W. Corwin, A. Jones, R. Levin, C. Pierson, F. Pollack |year=1974 |month=June |title=HYDRA: the kernel of a multiprocessor operating system |journal=Communications of the ACM |volume=17 |issue=6 |pages=337 - 345 |id=ISSN 0001-0782 |url=http://portal.acm.org/citation.cfm?id=364017&coll=portal&dl=ACM }}
+==See also==
+*[[Separation of protection and security]]
 ==External links==