Protection in Operating Systems A model of protection mechanisms in computing systems is presented and its appropriateness is argued. The "safety" problem for protection systems under this model is to determine in a given situation whether a subject can acquire a particular right to an object. In restricted cases, it can be shown that this problem is decidable, i.e. there is an algorithm to determine whether a system in a particular configuration is safe. In general, and under surprisingly weak assumptions, it cannot be decided if a situation is safe. Various implications of this fact are discussed. CACM August, 1976 Harrison, M. A. Ruzzo, W. L. Ullman, J. D. protection, protection system, operating system, decidability, Turing machine 4.30 4.31 5.24 CA760804 JB January 4, 1978 10:12 AM 1458 4 2840 1523 4 2840 1603 4 2840 1698 4 2840 1747 4 2840 1748 4 2840 1753 4 2840 1854 4 2840 1877 4 2840 1960 4 2840 2358 4 2840 2377 4 2840 2377 4 2840 2378 4 2840 2372 4 2840 2497 4 2840 2558 4 2840 2625 4 2840 2626 4 2840 2626 4 2840 2632 4 2840 2786 4 2840 2840 4 2840 2840 4 2840 2840 4 2840 2840 4 2840 2840 4 2840 2869 4 2840 2919 4 2840 2941 4 2840 3017 4 2840 3105 4 2840 3110 4 2840 3128 4 2840 3144 4 2840 3158 4 2840 3174 4 2840 1471 5 2840 1746 5 2840 2436 5 2840 2626 5 2840 2629 5 2840 2840 5 2840 2840 5 2840 2840 5 2840 3076 5 2840 2607 6 2840 2840 6 2840