2 - Techniques for Ensuring CIA
Confinement / sandboxing
Process confinement allows a process to read from and write to only certain memory locations and resources.
Goal: to prevent data leakage to unauthorized programs, users, or systems.
Make sure that an active process can only access specific resources (such as memory)
Bounds
Each process that runs on a system is assigned an authority level telling the OS what the process can do
Ex: user and kernel authority levels
Physically bounded memory is an expensive option
Bounds limit the authorization assigned to a process, restricting the resources the process can interact with and the types of interactions allowed.
Isolation
Used to protect the operating environment, the kernel of the operating system, and other independent applications.
Means by which confinement is implemented through the use of bounds
Isolation is what prevents an application from accessing the memory or resources of another application, whether for good or ill.
Isolation allows for a fail-soft environment so that separate processes can operate normally or fail/crash without interfering or affecting other processes.
Access controls
Allow subjects to access only authorized objects
Trust and Assurance
A trusted system is one in which all protection mechanisms work together to process sensitive data for many types of users while maintaining a stable and secure computing environment.
Assurance is the degree of confidence in the satisfaction of security needs