Page 643 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Essential Security Protection Mechanisms


The need for security mechanisms within an operating system comes down to one simple fact: software should not be trusted. Third-party software is inherently untrustworthy, no matter who or where it comes from. This is not to say that all software is evil. Instead, this is a protection stance—because all third-party software is written by someone other than the OS creator, that software might cause problems. Thus, treating all non-OS software as potentially damaging allows the OS to prevent many disastrous occurrences through the use of software management protection mechanisms. The OS must employ protection mechanisms to keep the computing environment stable and to keep processes isolated from each other. Without these efforts, the security of data could never be reliable or even possible.

Computer system designers should adhere to a number of common protection mechanisms when designing secure systems. These principles are specific instances of the more general security rules that govern safe computing practices. Designing security into a system during the earliest stages of development will help ensure that the overall security architecture has the best chance for success and reliability. In the following sections, we’ll divide the discussion into two areas: technical mechanisms and policy mechanisms.


               Technical Mechanisms


Technical mechanisms are the controls that system designers can build right into their systems. We’ll look at five: layering, abstraction, data hiding, process isolation, and hardware segmentation.


               Layering

By layering processes, you implement a structure similar to the ring model used for operating modes (and discussed earlier in this chapter) and apply it to each operating system process. It puts the most sensitive functions of a process at the core, surrounded by a series of increasingly larger concentric circles with correspondingly lower sensitivity levels (using a slightly different approach, this is also