A Security Kernel is defined as a strict implementation of a reference monitor mechanism responsible for enforcing a security policy. To be secure, the kernel must meet three basic conditions. What are they?
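A. Confidentiality, integrity, and availability
B. Policy, mechanism, and assurance
C. Isolation, layering, and abstraction
D. Completeness, isolation, and verifiability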
A security kernel is responsible for enforcing a security policy.
It is a strict implementation of a reference monitor mechanism.
The architecture of a kernel operating system is typically layered, and the kernel should be at the lowest and most primitive level.
It is a small portion of the operating system through which all references to information and all changes to authorizations must pass.
In theory, the kernel implements access control and information flow control between implemented objects according to the security policy.
To be secure, the kernel must meet three basic conditions: completeness (all accesses to information must go through the kernel), isolation (the kernel itself must be protected from any type of unauthorized access), and verifiability (the kernel must be proven to meet design specifications).
The reference monitor, as noted previously, is an abstraction, but there may be a reference validator, which usually runs inside the security kernel and is responsible for performing security access checks on objects, manipulating privileges, and generating any resulting security audit messages.
A term associated with security kernels and the reference monitor is the trusted computing base (TCB).
The TCB is the portion of a computer system that contains all elements of the system responsible for supporting the security policy and the isolation of objects.
The security capabilities of products for use in the TCB can be verified through various evaluation criteria, such as the earlier Trusted Computer System Evaluation Criteria (TCSEC) and the current Common Criteria standard.
Many of these security terms (reference monitor, security kernel, TCB) are defined loosely by vendors for purposes of marketing literature.
Thus, it is necessary for security professionals to read the small print and between the lines to fully understand what the vendor is offering in regard to security features.
TIP FOR THE EXAM: The terms Security Kernel and Reference monitor are synonymous but at different levels.
As Diego explained: while the Reference monitor is the concept, the Security kernel is the implementation of that concept (via hardware, software, and firmware means).
The two terms are the same thing, but on different levels: one is conceptual, one is "technical".
The following are incorrect answers:
Confidentiality, Integrity, and Availability
Policy, mechanism, and assurance
Isolation, layering, and abstraction
Reference(s) used for this question:
Hernandez CISSP, Steven (2012-12-21). Official (ISC)2 Guide to the CISSP CBK, Third Edition ((ISC)2 Press) (Kindle Locations 13858-13875). Auerbach Publications. Kindle Edition.
The correct answer is B: Policy, mechanism, and assurance.
Explanation:
A security kernel is a part of an operating system or a software system that enforces a security policy by providing a reference monitor mechanism. It is responsible for mediating all access to system resources and ensuring that only authorized actions are permitted. To be considered secure, a security kernel must meet three basic conditions:
Policy: The security kernel must enforce a security policy that accurately reflects the security requirements of the system. The policy must be specified in a way that is unambiguous, complete, and consistent.
Mechanism: The security kernel must provide a reference monitor mechanism that mediates all access to system resources. The reference monitor must be tamper-proof and enforce the security policy correctly.
Assurance: The security kernel must be designed and implemented in a way that provides assurance that it meets the security policy and mechanism requirements. This assurance can be achieved through various means, such as formal verification, testing, and evaluation against security standards.
Option A, confidentiality, integrity, and availability, are common security objectives or goals, but they do not specifically relate to the three basic conditions of a security kernel.
Option C, isolation, layering, and abstraction, are important concepts in operating system design but do not represent the three basic conditions of a security kernel.
Option D, completeness, isolation, and verifiability, are also important properties of a security kernel but do not specifically represent the three basic conditions.