The paper presents a formal model of protection mechanisms in computing systems, focusing on the "safety" problem, which involves determining whether a subject can acquire a particular right to an object. The authors demonstrate that while the safety problem is decidable for restricted cases of protection systems, it is generally undecidable for arbitrary systems under surprisingly weak assumptions. They provide an algorithm to decide safety for mono-operational protection systems, but show that this is not possible for more complex systems. The paper discusses the implications of these results, including the difficulty of verifying the safety of arbitrary configurations in arbitrary protection systems. The authors conclude by highlighting the need for further research into the properties that make a protection system safe and the potential for developing algorithms to handle specific classes of systems.The paper presents a formal model of protection mechanisms in computing systems, focusing on the "safety" problem, which involves determining whether a subject can acquire a particular right to an object. The authors demonstrate that while the safety problem is decidable for restricted cases of protection systems, it is generally undecidable for arbitrary systems under surprisingly weak assumptions. They provide an algorithm to decide safety for mono-operational protection systems, but show that this is not possible for more complex systems. The paper discusses the implications of these results, including the difficulty of verifying the safety of arbitrary configurations in arbitrary protection systems. The authors conclude by highlighting the need for further research into the properties that make a protection system safe and the potential for developing algorithms to handle specific classes of systems.