Security Protection Mechanisms
Technical mechanisms are controlling system designers can build right into
their systems
Layering - layering processes like a ring model used for operating
models and applying it to each operating system - it puts the most
sensitive functions at the core
Abstraction - fundamental principle behind object-oriented
programming - black box doctrine that says users of an object don't
necessarily need to know the details of how the object works
Data Hiding - important in multilevel secure systems - desire to make
sure those who have a need to know
Process isolation - requires that the operating system provide separate
memory spaces for each process’s instructions and data
Hardware segmentation - prevents the access of information that
belongs to a different process
Principle of Least Privilege - users only have a minimal amount of privilege
needed to perform their task
Separation of Privilege - granular access privileges
Accountability - enforces individual accountability, like signing in a logbook,
authentication
Technical mechanisms are controlling system designers can build right into
their systems
Layering - layering processes like a ring model used for operating
models and applying it to each operating system - it puts the most
sensitive functions at the core
Abstraction - fundamental principle behind object-oriented
programming - black box doctrine that says users of an object don't
necessarily need to know the details of how the object works
Data Hiding - important in multilevel secure systems - desire to make
sure those who have a need to know
Process isolation - requires that the operating system provide separate
memory spaces for each process’s instructions and data
Hardware segmentation - prevents the access of information that
belongs to a different process
Principle of Least Privilege - users only have a minimal amount of privilege
needed to perform their task
Separation of Privilege - granular access privileges
Accountability - enforces individual accountability, like signing in a logbook,
authentication
