Secure Computing Systems: Logical Form of Separation

Logical Form of Separation Used by Secure Computing Systems

Prev Question Next Question

Question

Which of the following describes a logical form of separation used by secure computing systems?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

B.

Source: TIPTON, Hal, (ISC)2, Introduction to the CISSP Exam presentation.

The logical form of separation used by secure computing systems is a method of enforcing access control in which processes are constrained so that each cannot access objects outside its permitted domain. This is described by option B in the given answers.

This method is commonly referred to as "domain separation" or "domain isolation" and is a critical component of a secure computing system. The concept behind domain separation is that each process is assigned a domain or "sandbox" that limits its access to only the resources and data that are necessary for its operation. By enforcing these constraints, domain separation can help prevent malicious or accidental access to sensitive data and resources.

Option A, which describes using different levels of security for input and output devices, is a form of physical separation rather than logical separation. This approach may be used to limit the exposure of sensitive data to external devices, but it is not a comprehensive method for enforcing access control.

Option C, which describes concealing data and computations to inhibit access by outside processes, is a form of obfuscation rather than separation. While obfuscation techniques may be used to make it more difficult for attackers to understand or exploit a system, they do not provide the same level of protection as true access control mechanisms.

Option D, which describes granting access based on the granularity of controlled objects, is a potential aspect of access control but does not specifically describe a logical form of separation. Access control mechanisms may be used in conjunction with domain separation to further refine the level of access granted to individual processes.