Page 539 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 539
exceed when reading or writing. Isolation is the mode a process runs
in when it is confined through the use of memory bounds.
Be able to define object and subject in terms of access. The
subject is the user or process that makes a request to access a resource.
The object is the resource a user or process wants to access.
Know how security controls work and what they do. Security
controls use access rules to limit the access by a subject to an object.
Be able to list the classes of TCSEC, ITSEC, and the Common
Criteria. The classes of TCSEC include verified protection,
mandatory protection, discretionary protection, and minimal
protection. Table 8.4 covers and compares equivalent and applicable
rankings for TCSEC, ITSEC, and the CC (remember that functionality
ratings from F7 to F10 in ITSEC have no corresponding ratings in
TCSEC).
Define a trusted computing base (TCB). A TCB is the
combination of hardware, software, and controls that form a trusted
base that enforces the security policy.
Be able to explain what a security perimeter is. A security
perimeter is the imaginary boundary that separates the TCB from the
rest of the system. TCB components communicate with non-TCB
components using trusted paths.
Know what the reference monitor and the security kernel
are. The reference monitor is the logical part of the TCB that confirms
whether a subject has the right to use a resource prior to granting
access. The security kernel is the collection of the TCB components
that implement the functionality of the reference monitor.
Understand the security capabilities of information systems.
Common security capabilities include memory protection,
virtualization, and Trusted Platform Module (TPM).
