|
Process isolation is a set of different hardware and software technologies〔Deconstructing Process Isolation. Aiken, Mark, Fähndrich, Manuel, Hawblitzel, Chris, Hunt, Galen, Larus, James R. Microsoft Research. Oct. 2006 ()〕 designed to protect each process from other processes on the operating system. It does so by preventing process A from writing to process B. Process isolation can be implemented with virtual address space, where process A's address space is different from process B's address space - preventing A from writing onto B. Security is easier to enforce by disallowing inter-process memory access, than compared to less secure architectures (such as DOS) in which any process can write to any memory in any other process 〔All in one CISSP Exam Guide, 3rd Edition, Shon Harris〕) == Limited inter-process communication == In a system with process isolation, limited (controlled) interaction between processes may still be allowed over inter-process communication (IPC) channels such as shared memory, local sockets or Internet sockets. In this scheme, all of the process' memory is isolated from other processes except where the process is allowing input from collaborating processes. System polices may disallow IPC in some circumstances. For example, in mandatory access control systems, subjects with different sensitivity levels may not be allowed to communicate with each other. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Process isolation」の詳細全文を読む スポンサード リンク
|