Secure Program Protection

A.

A protection domain consists of the execution and memory space assigned to each process.

The purpose of establishing a protection domain is to protect programs from all unauthorized modification or executional interference.

The security perimeter is the boundary that separates the Trusted Computing Base (TCB) from the remainder of the system.

Security labels are assigned to resources to denote a type of classification.

Abstraction is a way to protect resources in the fact that it involves viewing system components at a high level and ignoring its specific details, thus performing information hiding.

Source: KRUTZ, Ronald L.

& VINES, Russel.

D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, John Wiley & Sons, 2001, Chapter 5: Security Architecture and Models (page 193).

The answer to the question is A. A protection domain.

A protection domain is a security mechanism used to protect programs and data from unauthorized modification or executional interference. Protection domains define a set of resources and privileges that are associated with a program or process. Each program or process is assigned a protection domain that determines the resources and privileges that it can access.

A protection domain typically includes an access control mechanism that limits access to resources and privileges to only those programs or processes that are authorized to use them. For example, a protection domain might specify that only a certain user or group of users can access a particular file or database.

A protection domain can also include other security mechanisms such as encryption, authentication, and auditing. Encryption is used to protect sensitive data from unauthorized access by encrypting it before it is stored or transmitted. Authentication is used to ensure that only authorized users can access resources and privileges. Auditing is used to monitor and record system activity to detect and investigate security incidents.

In contrast, a security perimeter is a boundary that separates trusted and untrusted networks or systems. Security perimeters are used to prevent unauthorized access to a network or system. Security labels are used to enforce security policies and control access to resources based on the sensitivity or classification of the data. Abstraction is a concept used in computer science to simplify complex systems by hiding unnecessary details and exposing only relevant information.

Therefore, among the given options, the most appropriate mechanism to protect programs from all unauthorized modification or executional interference is a protection domain.