Commit 94357bc
Changed files (1)
doc
doc/14.md
@@ -0,0 +1,29 @@
+# Protection
+
+Protection refers to controlling the access of programs, processes or users
+to the resources defined by a computer system.
+
+Principle of least privilege: dictates that programs, users, and even systems
+be given just enough privileges to perform their tasks.
+
+Need to know principle: a process should be able to access only those resources
+that it currently requires to complete its task.
+
+A process operates within a `protection domain`, which specifies which resoures
+the process may access.
+The ability to execute an operation on an object is an `access right`.
+
+In UNIX a domain is associated with the user.
+An owner identification and domain bit (setuid bit) are associated with each file.
+When the `setuid` bit is on and a user executes the file the user id is set to that
+of the owner of the file. When the bit is off the user id does not change.
+
+## Summary
+
+Computer contain many objects (memory, CPU, I/O devices, files, programs, semaphores)
+and they need to be protected from abuse.
+An access right is permission to perform an operation on an object.
+A domain is a set of access rights.
+Processes execute in domains and may use any of the access rights in the domain.
+A process may be bound to a specific domain or allowed to switch from one domain
+to another.
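Review bot: the setuid description in the hunk (`+When the \`setuid\` bit is on and a user executes the file the user id is set to that` / `+of the owner of the file.`) conflates the real and effective user IDs; on UNIX the kernel sets only the effective UID (and saved set-user-ID) to the file owner, while the real UID stays that of the invoking user, which is exactly what lets a privileged program drop back. Suggest "the effective user id of the process is set to that of the file owner; the real user id is unchanged", and, since the summary talks about switching domains, a sentence noting that setgid does the same for the group id. The wording "An owner identification and domain bit (setuid bit) are associated with each file" also reads as if setuid were the domain itself rather than the switch that changes it; "a domain bit" is clearer as "a domain-switch bit (the setuid bit)". Typos in the same hunk: "resoures" should be "resources", and "Computer contain many objects" should be "Computers contain many objects".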