Page 554 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 554

from crossing between security levels. One user might be using a
               multistate system to process secret information, while another user is

               processing top-secret information at the same time. Technical
               mechanisms prevent information from crossing between the two users
               and thereby crossing between security levels.

               In actual practice, multistate systems are relatively uncommon owing
               to the expense of implementing the necessary technical mechanisms.
               This expense is sometimes justified; however, when you’re dealing

               with a very expensive resource, such as a massively parallel system,
               the cost of obtaining multiple systems far exceeds the cost of
               implementing the additional security controls necessary to enable
               multistate operation on a single such system.


               Protection Mechanisms

               If a computer isn’t running, it’s an inert lump of plastic, silicon, and
               metal doing nothing. When a computer is running, it operates a
               runtime environment that represents the combination of the operating

               system and whatever applications may be active. When running, the
               computer also has the capability to access files and other data as the
               user’s security permissions allow. Within that runtime environment,
               it’s necessary to integrate security information and controls to protect
               the integrity of the operating system itself, to manage which users are
               allowed to access specific data items, to authorize or deny operations
               requested against such data, and so forth. The ways in which running

               computers implement and handle security at runtime may be broadly
               described as a collection of protection mechanisms. What follows are
               descriptions of various protection mechanisms such as protection
               rings, operational states, and security modes.




                          Because the ways in which computers implement and use

                  protection mechanisms are so important to maintaining and
                  controlling security, you should understand how all three
                  mechanisms covered here—rings, operational states, and security
                  modes—are defined and how they behave. Don’t be surprised to

                  see exam questions about specifics in all three areas because this is
   549   550   551   552   553   554   555   556   557   558   559