Protection and the Control of Information Sharing in Multics The design of mechanisms to control the sharing of information in the Multics system is described. Five design principles help provide insight into the tradeoffs among different possible designs. The key mechanisms described include access control lists, hierarchical control of access specifications, identification and authentication of users, and primary memory protection. The paper ends with a discussion of several known weaknesses in the current protection mechanism design. CACM July, 1974 Saltzer, J. H. Multics, protection, security, privacy, access control, authentication, computer utilities, time-sharing systems, proprietary programs, protected subsystems, virtual memory, descriptors 3.70 4.30 6.2 CA740705 JB January 17, 1978 12:49 PM 1753 4 2626 2358 4 2626 2377 4 2626 2377 4 2626 2372 4 2626 2436 4 2626 2625 4 2626 2626 4 2626 2626 4 2626 2626 4 2626 2626 4 2626 2626 4 2626 2669 4 2626 2786 4 2626 2840 4 2626 2840 4 2626 2868 4 2626 2868 4 2626 2870 4 2626 2919 4 2626 3017 4 2626 3105 4 2626 3110 4 2626 3144 4 2626 3174 4 2626 1746 5 2626 2358 5 2626 2377 5 2626 2625 5 2626 2626 5 2626 2626 5 2626 2626 5 2626 2629 5 2626 2840 5 2626 1471 6 2626 1746 6 2626 2436 6 2626 2626 6 2626 2629 6 2626