CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Technical Mechanisms
Technical mechanisms are the controls that system designers can build right into their systems. We’ll look at five: layering, abstraction, data hiding, process isolation, and hardware segmentation.
Layering
By layering processes, you implement a structure similar to the ring model used for operating modes (and discussed earlier in this chapter) and apply it to each operating system process. It puts the most sensitive functions of a process at the core, surrounded by a series of increasingly larger concentric circles with correspondingly lower sensitivity levels (using a slightly different approach, this is also sometimes explained in terms of upper and lower layers, where security and privilege decrease when climbing up from lower to upper layers). In discussions of OS architectures, the protected ring concept is common, and it is not exclusive. There are other ways of representing the same basic ideas with levels rather than rings. In such a system, the highest level is the most privileged, while the lowest level is the least privileged.
Levels Compared to Rings
Many of the features and restrictions of the protecting ring concept apply also to a multilayer or multilevel system. Think about a high-rise apartment building. The low-rent apartments are often found in the lower floors. As you reach the middle floors, the apartments are often larger and offer better views. Finally, the top floor (or floors) is the most lavish and expensive (often deemed the penthouse). Usually, if you are living in a low-rent apartment in the building, you are unable to ride the elevators any higher than the highest floor of the low-rent apartments. If you are a middle-floor apartment resident, you can ride the elevators everywhere except to the penthouse floor(s). And if you are a penthouse resident, you can ride the elevators anywhere you want to go. You may also find this floor restriction system in office buildings and hotels. You may also have an elevator that operates directly between the lowest level and the penthouse level, thus bypassing all lower levels. However, if the direct elevator is breached, the other layers of protection are of no value.
The top of a layered or multilevel system is the same as the center ring of a protection ring scheme. Likewise, the bottom of a layered or multilevel system is the same as the outer ring of a protection ring scheme. In terms of protection and access concepts, levels, layers, and rings are similar. The term domain (that is, a collection of objects with a singular characteristic) might also be used.
Communication between layers takes place only through the use of well-defined, specific interfaces to provide necessary security. All inbound requests from outer (less-sensitive) layers are subject to stringent authentication and authorization checks before they’re allowed to proceed (or denied, if they fail such checks). Using layering for security is similar to using security domains and lattice-based security models in that security and access controls over certain subjects and objects are associated with specific layers and privileges and that access increases as you move from outer to inner layers.
In fact, separate layers can communicate only with one another through specific interfaces designed to maintain a system’s security and integrity. Even though less secure outer layers depend on services and data from more secure inner layers, they know only how to interface with those layers and are not privy to those inner layers’ internal structure, characteristics, or other details. So that layer integrity is maintained, inner layers neither know about nor depend on outer layers. No matter what kind of security relationship may exist between any pair of layers, neither can tamper with the other (so that each layer is protected from tampering by any other layer). Finally, outer layers cannot violate or override any security policy enforced by an inner layer.
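The inter-layer rules described above, modeled as an added example that is not from the book: an inner layer accepts requests only through published gates and checks authentication and then authorization on each one. The names Subject, InnerLayer, enroll, request and the gate names are hypothetical, ring numbers follow the ring model (0 is innermost), and Python itself does not enforce the isolation that a real OS gets from hardware.

```python
import hmac
import secrets

class AccessDenied(Exception):
    """A request failed the interface, authentication or authorization check."""

class Subject:
    def __init__(self, name, ring):  # ring 0 = innermost, most sensitive
        self.name, self.ring, self.token = name, ring, None

class InnerLayer:
    """Knows nothing about outer layers; exposes only its published gates."""
    def __init__(self, gates):
        self._gates = gates  # gate name -> (handler, outermost ring allowed)
        self._issued = {}    # subject name -> credential this layer issued

    def enroll(self, subject):
        subject.token = self._issued[subject.name] = secrets.token_hex(16)

    def request(self, subject, gate, *args):
        """Single entry point: interface check, authentication, authorization."""
        if gate not in self._gates:
            raise AccessDenied("no such interface")
        expected = self._issued.get(subject.name, "")
        if not expected or not hmac.compare_digest(subject.token or "", expected):
            raise AccessDenied("authentication failed")
        handler, max_ring = self._gates[gate]
        if subject.ring > max_ring:
            raise AccessDenied("ring not authorized")
        return handler(*args)

def demo():
    # Constructed scenario: two gates, three callers, five requests.
    kernel = InnerLayer({"get_time": (lambda: "12:00", 3),
                         "load_driver": (lambda name: "loaded " + name, 1)})
    app, driver, rogue = Subject("app", 3), Subject("driver", 1), Subject("rogue", 3)
    kernel.enroll(app)
    kernel.enroll(driver)
    calls = [(app, "get_time", ()), (app, "load_driver", ("net",)),
             (driver, "load_driver", ("net",)), (rogue, "get_time", ()),
             (app, "dump_internal_state", ())]
    out = []
    for subject, gate, args in calls:
        try:
            out.append(kernel.request(subject, gate, *args))
        except AccessDenied as err:
            out.append("denied: " + str(err))
    return out
```

The outer-ring caller is refused the driver gate no matter what arguments it supplies, which is the sense in which an outer layer cannot override a policy enforced by an inner one.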
