Page 553 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 553

word processor process, and the software chooses which thread it
               works on at any given moment.

               Symmetric multiprocessing systems use threading at the operating

               system level. As in the word processing example just described, the
               operating system also contains a number of threads that control the
               tasks assigned to it. In a single-processor system, the operating system
               (OS) sends one thread at a time to the processor for execution. SMP
               systems send one thread to each available processor for simultaneous

               execution.


               Processing Types

               Many high-security systems control the processing of information
               assigned to various security levels, such as the classification levels of
               unclassified, sensitive, confidential, secret, and top secret that the U.S.
               government assigns to information related to national defense.
               Computers must be designed so that they do not—ideally, so that they
               cannot—inadvertently disclose information to unauthorized recipients.

               Computer architects and security policy administrators have

               addressed this problem at the processor level in two different ways.
               One is through a policy mechanism, whereas the other is through a
               hardware solution. The following list explores each of those options:

               Single State Single-state systems require the use of policy
               mechanisms to manage information at different levels. In this type of
               arrangement, security administrators approve a processor and system
               to handle only one security level at a time. For example, a system

               might be labeled to handle only secret information. All users of that
               system must then be approved to handle information at the secret
               level. This shifts the burden of protecting the information being
               processed on a system away from the hardware and operating system
               and onto the administrators who control access to the system.

               Multistate Multistate systems are capable of implementing a much
               higher level of security. These systems are certified to handle multiple

               security levels simultaneously by using specialized security
               mechanisms such as those described in the next section, “Protection
               Mechanisms.” These mechanisms are designed to prevent information
   548   549   550   551   552   553   554   555   556   557   558