For example, a model could store the access rules for a subject in set-theoretic form: user X is allowed access to {A, B, C, D, E} through one rule, but denied access to {C, D} through another. We must compute the difference between the two rules

function requires relinking the code, which might not be an option. Incidentally, FreeBSD is the core for the new Mac OS X kernel, which also comes with open-source versions of secure shell (using OpenSSH) and SSL support (using OpenSSL). This situation might mean that Apple's new OS represents a leap in PC security and reliability (or maybe not).

Sentinel

There are several compile-time solutions to stack overflow problems. StackGuard implements a sentinel-based overflow protection solution. StackGuard uses a compiler extension that adds stack-bounds checks to the generated code. Function calls in code compiled with StackGuard are modified to first insert a sentinel word, called a canary, onto the stack before the return address. All exploits that write bytes sequentially down the user stack until the return address is overrun must first cross the canary value. The canary is chosen at random to prevent attacks that guess the canary. Before the function returns, the canary is checked, and if it has been modified, the program terminates. StackGuard will not protect against attacks that can skip over the canary word. Such exploits are believed to be very difficult to construct.

Layer

Layers are used to separate concerns. The user stack is essentially a collection of vertically layered stack frames, each containing two kinds of elements: local variables and parameters, which will change during the stack frame's life, and the frame pointers and return addresses, which should not change. Layers can be implemented at a fine level, separating data elements within the stack frame. Separating the data elements within the stack frame based on this division creates a fine-level separation of concerns.
Consider Figure which shows this layered solution to buffer overflows. One solution is to reserve the stack for return addresses only and force all variables to be dynamically allocated. This solution has performance problems and is infeasible in cases where the source is .
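The canary check described in the Sentinel section, modelled in C as an added example; it is not StackGuard's code and not code from the original text. The `struct frame` layout, the function names and the address values are assumptions made for illustration, and the "stack frame" is ordinary memory rather than the real machine stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
/* Model of one frame: the canary sits between the local buffer and the
 * saved return address (assumed layout, plain memory, not the real stack). */
struct frame {
    unsigned char buf[16]; /* local data, expected to change */
    uint32_t canary;       /* sentinel word */
    uint32_t ret;          /* saved return address, must not change */
};

/* Prologue: store the return address and place the canary before it. */
static void frame_enter(struct frame *f, uint32_t ret, uint32_t canary) {
    memset(f, 0, sizeof *f);
    f->ret = ret;
    f->canary = canary;
}

/* Epilogue: 1 if the canary is intact, 0 if the program must terminate. */
static int frame_check(const struct frame *f, uint32_t expected) {
    return f->canary == expected;
}

/* Unchecked sequential write of n bytes starting at buf (clamped to the model). */
static int survives_sequential(uint32_t canary, size_t n) {
    struct frame f;
    frame_enter(&f, 0x1000, canary);
    if (n > sizeof f) n = sizeof f;
    memset((unsigned char *)&f, 0x41, n); /* crosses the canary once n > 16 */
    return frame_check(&f, canary);
}

/* Write that reaches ret without crossing the canary: 1 means undetected. */
static int skip_write_undetected(uint32_t canary) {
    struct frame f;
    frame_enter(&f, 0x1000, canary);
    f.ret = 0x2000; /* non-sequential write, canary untouched */
    return frame_check(&f, canary) && f.ret != 0x1000;
}

int main(void) {
    srand((unsigned)time(NULL));
    uint32_t c = (uint32_t)rand(); /* demo only: real canaries need unpredictable randomness */
    printf("16 bytes: check=%d, 24 bytes: check=%d, skip write: check=%d\n",
           survives_sequential(c, 16), survives_sequential(c, 24), skip_write_undetected(c));
}
```

A write that stays within the 16-byte buffer passes the check, any sequential write that goes further fails it, and the direct write to `ret` passes it even though the return address changed, which is the limitation the text notes.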