Import: 6 Protection is an old issue in operating system, but there are still a lot of people doing researches in this field. But I don't think they will come up with some new ideas. All the approaches are like to implemented the access matrix at a low cost and in a dummy way. Novelty: 5 No personal ideas. But the figures are great. Quality: 7 All the topics are described clearly. The tried to present a whole figure of protection mechanism and they did it well. The format of this paper is the best among all these five. Overall: 7 Mostly based on their presentation. -------- This paper was not very novel, but it was extremely well written and very interesting to read. I found few errors and was able to understand the intrinsically difficult concepts aided by the clear, concise writing style. With the exception of my paper, this was the best in the class. Congratulations on writing a great paper! -------- An introduction is needed for this paper. Adding some more context makes it easier for the reader to know what the focus of the paper. In particular, it's not clear what motivated each of the approaches discussed. Starting the paper with definitions without providing an accessible interpretation of the problem(s) discussed is very confusing. Some grammatical errors were noticeable (about 2 per page) but did not detract too much from the overall presentation. Overviews belong at the beginning of sections, not at the end. These subsections should probably be titled Summary or something similar. The goal of paper seemed to be presenting a complete picture of access control instead of presenting current research on access control. The concepts presented did not appear to be new in any sense. Your cited references support this notion. Perhaps the goal of the paper should have been less on covering all aspects of access control and more on covering a smaller subarea of access control featuring some recent work. This is in line with the "6-8 papers of recent research papers" from the course outline. The DTE and MAC sections needed to be linked to Role-based and Discretionary access control methods. You did a good job of showing how RBAC tried to improve upon DAC, but where in the development of access controls do DTEAC and MAC fit in? If these mechanisms were developed at the same time and were proposed to solve different problems, it may have been useful to state this. The overall presentation was excellent. The conclusions for each access control method probably needed some common criteria, something akin to design parameters (i.e. granularity, expressiveness, etc.). I think this would give a more methodical treatment of the topic. -------- A very well written paper. You've expressed the ideas clearly and concisely. Tables were easy to understand. Presentation and organization was excellent. However, the topic isn't really recent research. It actually seems a little old and basic for a grad OS class. Also, that doesn't look like 12 point font! You're hurting my eyes! -------- Well written paper. Very clear, very organized, very focused. Some minor grammar and typo errors, but none are very significant to throw the reader off from understanding the material. Good analysis on advantages and disadvantages of the different mechani- sms, and very good examples presented (nice and clear diagrams too!) Novelty is graded on average since it doesn't sound like any new research areas or new ideas are presented. Maybe it would help if you mention what an "ideal" system would be that can guarantee pro- tection at a high probability, based on these surveyed mechanisms? Import graded okay, since the topic of protection remains a hot topic to this day. But overall, the paper is excellent. -------- General layout nits: Table 1 is referenced on page 1 but not seen until page 3 - that's too far away for the user to flip pages. Same for figure 2 - mentioned on page 4, but not seen until page 6. In section 2 and 3, why is the DAC overview before an example? Perhaps overview is not the proper word? Maybe analysis? Overview implies a general explanation of a subject and you are providing analysis. Is figure 1 mentioned in the paper anywhere? I didn't see it on the first read. I'm not sure that figure 2b really shows what it is supposed to be representing. Section 3.2.1 "Example of that is shown in [1]." This is a bit unclear. -------- All the protection mechanism descriptions in this paper were clear and simply stated, with the exception of the DAC mechanism which I didn't quite get. All potentially ambiguous terms are defined before they are used. In addition, the figures and examples provided for each mechanism helped solidify the descriptions. Although it was touched on a bit, I think it would have been nice to read about when each mechanism is used (example applications or something). Perhaps this would have added some amount of analysis by the authors, as they mostly just presented the topics and did not add anything to the subject. I liked that, at least in the access control section, the descriptions of the advantages and disadvantages of each technique as well as which technique is used most commonly today. I also liked that security faults of the different mechanisms were pointed out. This extra detail made the descriptions a lot more complete. I found some of the organization of the paper a little confusing, but I guess that's to be expected in a group project. -------- While the paper is well written it lacks focus on recent research The sections on capabilities and the UNIX file system are textbook material. It seems that the paper attempted to cover too many aspects of protection. A more focused approach would cover a few recent systems in one area (confidentiality, integrity, availability) and then provide some analysis comparing the designs. -------- Authors make a survey in the area of system security, and try explaining what protection mechanisms are out there, how they work, and what kind of vulnerability they potentially have. What I am interested in this paper is the Role based access control, which seems quite a newer approach than that of others. From my point of view, it can be used to reduce the vulnerability of Unix protection scheme when it properly cooperates with Unix. Because of my lack of knowledge, I cannot say further whether it is possible or not. However, you could try following that sort of approach. One more comment about Analysis. If the each overview section is their analysis, it's not a good idea just to describe the already known problem or solution. Especially, DTE overview doesn't seem like analysis or overview at all. It's really a plain fact. Overally, I don't have any difficulty to understand the concepts. I believe that comes from appropriate usages of figures and tables, even though some mistakes exist in labeling the figures. I found few small mistakes: 1) in an annotation about trojan horse, reference number [19] which doesn't exist in reference section. 2) in the last sentence of the first paragraph at section 3.1.1, figure 2(a) should be replaced to figure 1(a) 3) in the middle of paragraph at section 3.1.3, figure2b should be replaced to figure 1(b) and they say that figure 2(b) shows the example of least privilege principle, but i don't think it is correct. 4) some of references are not used in the context ([6], [10], [15]) -------- A nicely written paper but I think the paper has an inappropriate title, it should have been "Access Control mechanisms".The paper should have provided little more (low level) details than what is an obvious theoretical explanation of well known access mechanisms DAC,MAC and RBAC. How about providing Access Algorithm? The authors seem to have provided a textbook material on DAC, How about providing information on variations in DAC, there is a Strict DAC amd a Liberal DAC. In DAC there are variations in whether ownership can be transferred or not, and there are different levels of granting access or revocation of access to objects. I don't see any mention of anything like that. The paper provides no information as how is access information stored in protected space, Access Protection of Access protection! The material in the paper doesn't justify reference to 18 papers. In fact u seem to have referred 19th paper too, annotation on page 4 refers to reference 19, which doesn't exist. And this isn't 12 point Font !!! There are frequent grammatical errors and the text sometimes refers to wrong figures ( 3.1.1 refers to 1a and not 2a) I have given a high score in quality purely because the material is well organized and a low score in Novelty as I don't see any novelty here. This was too easy a paper as the authors seem to have left out the complex issues from references. -------- This paper begins by discussing the methods of defining access by subjects (users/user programs) to objects. Conceptually, access is represented by an access matrix but is rarely implemented that way. The best way presented in the paper is a list of accesses that can be sorted to group access into capability lists or access control lists. Next, Discretionary Access Control (DAC) is explained where users "own" objects and therefore get to choose who can access their objects. The main problem with this approach is the user can run programs that change their object permissions without them knowing it (Trojan Horse problem). Next, Mandatory Access Control (MAC) is a specific access control system (not a general approach like DAC) where users have a "security clearance" and objects have a "security classification". The benefit of this approach is that user programs cannot modify access to objects. However, it is not very flexible because policy is intertwined with mechanism. The next protection approach described is Role-Based Access Control (RBAC). This provides the flexibility to implement DAC-type policies and the access control of MAC. The last approach described is the Domain and Type Enforcement (DTE) approach. This groups users into domains and assigns roles to domains. Another access mechanism is added that controls who may transfer the flow of execution to whom. This prevents processes who gain access to a "kernel-level" program from infiltrating the entire system as described in the "setuid problem". The paper does a good job of what it sets out to do, as given in the abstract: to lay the foundation for understanding protection in modern operating systems. It gives a clear high-level discussion. However, I wanted to know more technical details. Also, I could not be sure if there was a novel contribution in the paper -- perhaps this was the example in section 5.2. Those are my chief complaints. I feel that the paper is well-organized, but it has so many subsections that I kept getting lost. On a positive note, the wording is very good. I was entertained by the footnote joke, but I think the Accent paper joke was better. :) -------- The paper is well-structured. Although, the topic is not novel, protection mechanism has always been popular. The authors successfully presented sufficient mechanisms supporting with figures and tables. I think, they mention all the mechanisms with enough detail. There are not much clearity problems. The flow of the sections is clear and understandable. It is also nice that they described both the advantages and disadvantages of different protection mechanisms. However, there are still some small presentational mistakes. "... write-down rule ..." page 5 ,"see [19]" page 4, "... figure 2b ..." page 4.