What Is a Protection Mechanism?

A protection mechanism is a security device on a computer which acts to enforce selected security policies for the various users on the system. Without a protection mechanism, it would be impossible to prevent individual users from having full access to the system; each user would be able to add programs, remove programs, and make other major changes to the computer without restriction. With a protection mechanism, the computer administrator can restrict the rights of individual users, classifying some as limited or restricted users with comparably fewer rights compared to administrators.

The protection mechanism in a computer is a bit like a bouncer standing outside a nightclub, possessing a guest list for a party. Not all guests are created equal; some have full VIP access to the party while others are only permitted to attend in a more basic capacity. Computer administrators are those VIP guests, in that they can go anywhere in the system and do anything they like. Limited users, on the other hand, are only authorized to do the things that administrators allow them to do. The main responsibility of protection mechanisms is to keep the list of regular guests and "VIPs" separate, ensuring that each user of the computer remains within his given role.

A basic model of a protection mechanism is a matrix access model, which is essentially a grid-based list delineating the abilities of a particular process within the computer. For example, some assets or programs might be allowed to read and write to the hard drive, while other programs might only be allowed to retrieve information from the drive without ever being able to modify or add to it. One of the most common examples of this behavior is the firewall on modern Windows® operating systems; the first time a program attempts to access the Internet, the firewall intervenes and asks whether the program should be allowed to proceed.

In the absence of a working protection mechanism, the computer will no longer be able to decide who should, and who should not, have access to files and permissions on the computer. It is analogous to a formerly private party unlocking its doors and sending all of its security home; now anyone and everyone is free to enter, and there is nothing to prevent them from taking full advantage of the amenities within. In other words, if the protection mechanisms on a system fail, the computer is exposed.