SC-39 Process Isolation

Baselines

Guidance

Systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. Process isolation technologies, including sandboxing or virtualization, logically separate software and firmware from other software, firmware, and data. Process isolation helps limit the access of potentially untrusted software to other system resources. The capability to maintain separate execution domains is available in commercial operating systems that employ multi-state processor technologies.

References 1

• SP 800-160-1 Ross RS, Oren JC, McEvilley M (2016) Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems. (National Institute of Standards and Technology, Gaithersburg, MD), NIST Special Publication (SP) 800-160, Vol. 1, Includes updates as of March 21, 2018.

Control Enhancements 2

• SC-39(01) Hardware Separation L M H P
• SC-39(02) Separate Execution Domain Per Thread L M H P

Related controls 8

• AC-03 Access Enforcement L M H P
• AC-04 Information Flow Enforcement L M H P
• AC-06 Least Privilege L M H P
• AC-25 Reference Monitor L M H P
• SA-08 Security and Privacy Engineering Principles L M H P
• SC-02 Separation of System and User Functionality L M H P
• SC-03 Security Function Isolation L M H P
• SI-16 Memory Protection L M H P