Which of the following provides the highest level of isolation? (Wentz QOTD)
A. Bounds
B. Containerization
C. Type II hypervisor
D. Preemptive multitasking
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. Type II hypervisor.
Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.
Isolation from Sharing Resources
Isolation is “the ability to keep multiple instances of software separated so that each instance only sees and can affect itself.”
Source: NIST SP 800-190
Processes use various resources such as CPU, memory, storage, network, OS services, etc. Isolating a process so that it cannot affect others requires controlling its access to memory and to the other resources it shares.
Bounds here means the memory bounds imposed on a process so that it cannot access memory segments that belong to other processes. This provides only a basic level of isolation: processes that still share storage, CPU, network, and other resources can interfere with one another, for example through race conditions when competing for those resources.
Containerization is application-level virtualization: processes in containers are isolated from most resources but still share the same OS kernel.
Type II hypervisor
A type II hypervisor manages virtual machines (VMs) running guest OSs on top of a host operating system. Processes running in VMs with their own guest OSs are highly isolated: two processes deployed on two VMs have a higher level of isolation than two processes in two containers.
Preemptive multitasking is not an isolation mechanism in itself. It does, however, rely on context switching, which saves and restores the CPU state of each thread. In that narrow sense it can be regarded as a form of thread-level isolation.
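To make the bottom of the ladder concrete, the following is an added example (constructed for this discussion, not code from Wentz's post): it shows that a thread's write to memory is visible to the caller (threads share the address space; preemptive scheduling only preserves each thread's CPU state), that a forked child's write stays within its own memory bounds, and that storage shared between the two processes is not covered by those bounds at all. The temporary file path and the "counter" state are constructed demo values; the example assumes a POSIX system with os.fork.

```python
import os
import tempfile
import threading


def thread_level():
    """Threads share the process address space.

    A write made in the worker thread is visible to the caller as soon as
    the thread is joined: the scheduler saved and restored the thread's
    CPU state, but nothing separated its memory from ours.
    """
    state = {"counter": 0}  # constructed demo state

    def worker():
        state["counter"] += 1

    t = threading.Thread(target=worker)
    t.start()
    t.join()
    return state["counter"]  # 1: the thread's write leaked straight through


def process_level():
    """A forked child runs inside its own memory bounds.

    The child gets its own copy of the address space, so its increment of
    `state` never reaches the parent. Storage is still shared, though: the
    child's write to the temp file IS visible to the parent afterwards.
    Returns (parent's counter, contents the parent reads from the file).
    """
    state = {"counter": 0}  # constructed demo state
    fd, path = tempfile.mkstemp()  # constructed shared-storage resource
    os.close(fd)

    pid = os.fork()
    if pid == 0:
        # Child: touch memory (isolated) and storage (shared), then exit
        # without running any parent-side cleanup.
        state["counter"] += 1
        with open(path, "w") as f:
            f.write("written by child")
        os._exit(0)

    os.waitpid(pid, 0)
    with open(path) as f:
        on_disk = f.read()
    os.remove(path)
    return state["counter"], on_disk  # (0, "written by child")


if __name__ == "__main__":
    print("thread:  counter seen by caller =", thread_level())
    counter, on_disk = process_level()
    print("process: counter seen by parent =", counter)
    print("process: shared storage content  =", repr(on_disk))
```

Reading the two results together gives the ordering the question is about: a thread offers no memory isolation, a process gets memory bounds but still shares storage (and the kernel, CPU and network), a container additionally restricts most of those shared resources, and a VM under a hypervisor removes even the shared kernel.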
Which of the following provides the highest level of isolation? (Wentz QOTD)
A. Bounds
B. Containerization
C. Type II hypervisor
D. Preemptive multitasking