HOME

TheInfoList



Click Here for Items Related To - Separation Of Mechanism And Policy
OR:
Separation Of Mechanism And Policy on:   [Wikipedia]   [Google]   [Amazon]

The separation of mechanism and policy is a
design A design is the concept or proposal for an object, process, or system. The word ''design'' refers to something that is or has been intentionally created by a thinking agent, and is sometimes used to refer to the inherent nature of something ...
principle in
computer science Computer science is the study of computation, information, and automation. Computer science spans Theoretical computer science, theoretical disciplines (such as algorithms, theory of computation, and information theory) to Applied science, ...
. It states that mechanisms (those parts of a system implementation that control the
authorization Authorization or authorisation (see American and British English spelling differences#-ise, -ize (-isation, -ization), spelling differences), in information security, computer security and identity management, IAM (Identity and Access Managemen ...
of operations and the
allocation of resources In economics, resource allocation is the assignment of available resources to various uses. In the context of an entire economy, resources can be allocated by various means, such as markets, or planning. In project management, resource allocation ...
) should not dictate (or overly restrict) the policies according to which decisions are made about which operations to authorize, and which resources to allocate. While most commonly discussed in the context of security mechanisms (authentication and authorization), separation of mechanism and policy is applicable to a range of resource allocation problems (e.g. CPU scheduling,
memory allocation Memory management (also dynamic memory management, dynamic storage allocation, or dynamic memory allocation) is a form of resource management applied to computer memory. The essential requirement of memory management is to provide ways to dynam ...
,
quality of service Quality of service (QoS) is the description or measurement of the overall performance of a service, such as a telephony or computer network, or a cloud computing service, particularly the performance seen by the users of the network. To quantitat ...
) as well as the design of software abstractions.
Per Brinch Hansen Per Brinch Hansen (13 November 1938 – 31 July 2007) was a Denmark, Danish-United States, American computer scientist known for his work in operating systems, Concurrent computing, concurrent Computer programming, programming and Parallel comput ...
introduced the concept of separation of policy and mechanism in operating systems in the RC 4000 multiprogramming system. Artsy and Livny, in a 1987 paper, discussed an approach for an operating system design having an "extreme separation of mechanism and policy". In a 2000 article, Chervenak et al. described the principles of ''mechanism neutrality'' and ''policy neutrality''.


Rationale and implications

The separation of mechanism and policy is the fundamental approach of a
microkernel In computer science, a microkernel (often abbreviated as μ-kernel) is the near-minimum amount of software that can provide the mechanisms needed to implement an operating system (OS). These mechanisms include low-level address space management, ...
that distinguishes it from a
monolithic A monolith is a monument or natural feature consisting of a single massive stone or rock. Monolith or monolithic may also refer to: Architecture * Monolithic architecture, a style of construction in which a building is carved, cast or excavated f ...
one. In a microkernel, the majority of operating system services are provided by user-level server processes. It is important for an
operating system An operating system (OS) is system software that manages computer hardware and software resources, and provides common daemon (computing), services for computer programs. Time-sharing operating systems scheduler (computing), schedule tasks for ...
to have the flexibility of providing adequate mechanisms to support the broadest possible spectrum of real-world security policies.R. Spencer, S. Smalley, P. Loscocco, M. Hibler, D. Andersen, and J. Lepreau
The Flask Security Architecture: System Support for Diverse Security Policies
' In Proceedings of the Eighth USENIX Security Symposium, pages 123–139, Aug. 1999. It is almost impossible to envision all of the different ways in which a system might be used by different types of users over the life of the product. This means that any hard-coded policies are likely to be inadequate or inappropriate for some (or perhaps even most) potential users. Decoupling the mechanism implementations from the policy specifications makes it possible for different applications to use the same mechanism implementations with different policies. This means that those mechanisms are likely to better meet the needs of a wider range of users, for a longer period of time. If it is possible to enable new policies without changing the implementing mechanisms, the costs and risks of such policy changes can be greatly reduced. In the first instance, this could be accomplished merely by segregating mechanisms and their policies into distinct modules: by replacing the module which dictates a policy (e.g. CPU scheduling policy) without changing the module which executes this policy (e.g. the scheduling mechanism), we can change the behaviour of the system. Further, in cases where a wide or variable range of policies are anticipated depending on applications' needs, it makes sense to create some non-code means for specifying policies, i.e. policies are not hardcoded into executable code but can be specified as an independent description. For instance, file protection policies (e.g. Unix's ''user/group/other read/write/execute'') might be parametrized. Alternatively an implementing mechanism could be designed to include an interpreter for a new policy specification language. In both cases, the systems are usually accompanied by a deferred binding mechanism (e.g.
late binding In computing, late binding or dynamic linkage—though not an identical process to dynamically linking imported code libraries—is a computer programming mechanism in which the method being called upon an object, or the function being called ...
of configuration options via
configuration file A configuration file, a.k.a. config file, is a computer file, file that stores computer data, data used to configure a software system such as an application software, application, a server (computing), server or an operating system. Some applic ...
s, or runtime programmability via
API An application programming interface (API) is a connection between computers or between computer programs. It is a type of software interface, offering a service to other pieces of software. A document or standard that describes how to build ...
s) that permits policy specifications to be incorporated to the system or replaced by another after it has been delivered to the customer. An everyday example of mechanism/policy separation is the use of card keys to gain access to locked doors. The mechanisms (magnetic card readers, remote controlled locks, connections to a security server) do not impose any limitations on entrance policy (which people should be allowed to enter which doors, at which times). These decisions are made by a centralized security server, which (in turn) probably makes its decisions by consulting a database of room access rules. Specific authorization decisions can be changed by updating a room access database. If the rule schema of that database proved too limiting, the entire security server could be replaced while leaving the fundamental mechanisms (readers, locks, and connections) unchanged. Contrast this with issuing physical keys: if you want to change who can open a door, you have to issue new keys and change the lock. This intertwines the unlocking mechanisms with the access policies. For a hotel, this is significantly less effective than using key cards.


See also

*
Separation of concerns In computer science, separation of concerns (sometimes abbreviated as SoC) is a design principle for separating a computer program into distinct sections. Each section addresses a separate '' concern'', a set of information that affects the code o ...
*
Unix philosophy The Unix philosophy, originated by Ken Thompson, is a set of cultural norms and philosophical approaches to Minimalism (computing), minimalist, Modularity (programming), modular software development. It is based on the experience of leading devel ...
*
X Window System The X Window System (X11, or simply X) is a windowing system for bitmap displays, common on Unix-like operating systems. X originated as part of Project Athena at Massachusetts Institute of Technology (MIT) in 1984. The X protocol has been at ...


Notes


References

* included in book: (p. 18) * * (pp. 238–241) * *Chervenak et al.
The data grid
{dead link, date=March 2018 , bot=InternetArchiveBot , fix-attempted=yes '' Journal of Network and Computer Applications, Volume 23, Issue 3, July 2000, Pages 187-200 *Artsy, Yeshayahu, an
Livny, Miron
An Approach to the Design of Fully Open Computing Systems (University of Wisconsin / Madison, March 1987) Computer Sciences Technical Report #689.


External links

*
Raphael Finkel Raphael Finkel (born 1951) is an American computer scientist and a retired professor at the University of Kentucky. He compiled the first version of the Jargon File. He is the author of ''An Operating Systems Vade Mecum'',An operating system Vade Mecum

Mechanism and policy for HTC
Dichotomies Operating system technology Programming principles