2 cissp ® Official Study Guide Eighth Edition

Chapter 9  ■ Security Vulnerabilities, Threats, and Countermeasures Ta b l e 9 .1 Comparing security modes Mode

Download 19,3 Mb. Pdf ko'rish bet 315/881 Sana 08.04.2023 Hajmi 19,3 Mb. #925879

332 Chapter 9  ■ Security Vulnerabilities, Threats, and Countermeasures Ta b l e 9 .1 Comparing security modes Mode Clearance Need to know PDMCL Dedicated Same None None System high Same Yes None Compartmented Same Yes Yes Multilevel Different Yes Yes Clearance is  Same if all users must have the same security clearances,  Different if otherwise. Need to Know is  None if it does not apply and is not used or if it is used but all users have the need to know all  data present on the system,  Yes if access is limited by need-to-know restrictions. PDMCL applies if and when CMW implementations are used ( Yes ); otherwise, PDMCL is  None . Operating Modes Modern processors and operating systems are designed to support multiuser environments  in which individual computer users might not be granted access to all components of a sys- tem or all the information stored on it. For that reason, the processor itself supports two  modes of operation: user mode and privileged mode. User Mode User mode is the basic mode used by the CPU when executing user applica- tions. In this mode, the CPU allows the execution of only a portion of its full instruction  set. This is designed to protect users from accidentally damaging the system through the  execution of poorly designed code or the unintentional misuse of that code. It also pro- tects the system and its data from a malicious user who might try to execute instructions  designed to circumvent the security measures put in place by the operating system or who  might mistakenly perform actions that could result in unauthorized access or damage to the  system or valuable information assets. Often processes within user mode are executed within a controlled environment called a  virtual machine (VM) . A virtual machine is a simulated environment created by the OS  to provide a safe and efficient place for programs to execute. Each VM is isolated from all  other VMs, and each VM has its own assigned memory address space that can be used by  the hosted application. It is the responsibility of the elements in privileged mode (aka kernel  mode) to create and support the VMs and prevent the processes in one VM from interfering  with the processes in other VMs. Download 19,3 Mb. Do'stlaringiz bilan baham: