MECHANISMS THAT CONTROL ACCESS TO INFORMATION BY EXECUTING PROGRAMS ARE THE PRIMARY FOCUS OF DISCUSSION. AT THE LEVEL OF EXISTING KNOWLEDGE, IT IS IMPOSSIBLE TO BUILD A SYSTEM WITHOUT FLAWS. THE ALTERNATIVE IS TO RELY ON EIGHT DESIGN PRINCIPLES WHICH TEND TO REDUCE BOTH THE NUMBER AND THE SERIOUSNESS OF ANY FLAWS: (1) ECONOMY OF MECHANISM, WHICH KEEPS THE DESIGN AS SIMPLE AND SMALL AS POSSIBLE; (2) FAIL-SAFE DEFAULTS, WHICH BASES COMPUTER ACCESS DECISIONS ON PERMISSION RATHER THAN EXCLUSION; (3) COMPLETE MEDIATION, WHICH PROVIDES THAT EVERY ACCESS TO EVERY OBJECT MUST BE CHECKED FOR AUTHORITY; (4) OPEN DESIGN, WHICH RELIES ON THE POSSESSION OF SPECIFIC KEYS OR PASSWORDS FOR ACCESS, RATHER THAN SECRECY OF DESIGN; (5) SEPARATION OF PRIVILEGE, WHICH REQUIRES TWO KEYS HELD BY SEPARATE PERSONS FOR SYSTEM ACCESS; (6) LEAST PRIVILEGE, WHICH PROVIDES THAT EVERY PROGRAM AND USER OF THE SYSTEM MUST OPERATE USING THE LEAST SET OF PRIVILEGES NECESSARY TO COMPLETE THE JOB; (7) LEAST COMMON MECHANISM, WHICH MINIMIZES THE AMOUNT OF MECHANISM COMMON TO MORE THAN ONE USER AND DEPENDED ON BY ALL USERS; AND (8) PSYCHOLOGICAL ACCEPTABILITY, WHICH MAKES IT ESSENTIAL THAT THE HUMAN INTERFACE BE DESIGNED FOR EASE OF USE, SO THAT USERS ROUTINELY AND AUTOMATICALLY APPLY THE PROTECTION MECHANISMS CORRECTLY. THE TECHNICAL BASIS OF INFORMATION PROTECTION IN MODERN COMPUTER SYSTEMS IS DISCUSSED, AND IS ILLUSTRATED BY DIAGRAMS. THE SECOND MAJOR SECTION OF THE PRESENTATION IS DEVOTED TO DESCRIPTOR-BASED PROTECTION SYSTEMS, WITH DISCUSSIONS OF THE FOLLOWING TOPICS: SEPARATION OF ADDRESSING AND PROTECTION, THE CAPABILITY SYSTEM, THE ACCESS CONTROL LIST SYSTEM, PROTECTING OBJECTS OTHER THAN SEGMENTS, AND PROTECTED OBJECTS AND DOMAINS. A SECTION ON THE STATE-OF-THE-ART REVIEW CONSIDERS IMPLEMENTATIONS OF PROTECTION MECHANISMS AND CURRENT RESEARCH DIRECTIONS. TABLES, DIAGRAMS, REFERENCES AND A GLOSSARY ARE PROVIDED. (RCB)