Question: The VMS scheme discussed in the preceding problem is often referred to as a ring protection structure, as illustrated in Figure. Indeed, the simple kernel/user scheme is a two-ring structure.
A disadvantage of a ring-structured access control system is that it violates the principle of least privilege. For example if we wish to have an object accessible in ring X but not ring Y, this requires that X 6 Y. Under this arrangement all objects accessible in ring X are also accessible in ring Y.
a. Explain in more detail what the problem is and why least privilege is violated.
b. Suggest a way that a ring-structured operating system can deal with this problem.