Page 246 - CISSO_Prep_ Guide
access controls. It prevents objects from interacting with each other.
• Example: time multiplexing, naming distinctions (SSID), virtual mapping (memory space)
• This can be accomplished through layering. Processes in one layer cannot communicate with another layer (except through a secure interface).
• Data hiding: when there is no interface to communicate between layers. This protects both confidentiality and integrity.
• Ring protection
  • Ring 0 – O/S Kernel
  • Ring 1 – O/S
  • Ring 2 – Utilities
  • Ring 3 – User applications
• Security domains (a.k.a. Execution domains, protection domains): a group of subjects (processes) that share similar privileges or management controls.
Operating System Protection Concepts
• Discretionary access control (DAC): object access is left to the owner.
• Mandatory access control
  • Need an access control policy.
  • Need labeling (classification) for objects.