Isolation
Isolation denotes the possibility of limiting the consequences of possible security violations by preventing them from affecting other system elements. Isolation is achieved by splitting hardware and software into modules that operate independently from one another (that is, in isolation). Isolation may require duplication of some hardware/software modules. Isolation relies on the multiple-space-based method and on the virtual-machine-based method.
The multiple-space method exploits a virtual main memory for each system user. Main memory areas and user programs, shared among several users, are duplicated; the OS, the system programs and auxiliary memory devices are not duplicated. The uniformity of protection mechanisms is guaranteed by the existence of a unique copy of the OS; however, this does not prevent an attempt to violate the protection mechanisms from potentially damaging all the user memory areas.
With the method based on the concept of a virtual machine, different work environments can coexist on the same computer: groups of users operate in their own environments in isolation. Through a control program, which is a monitor of the virtual machine, copies (virtual machines) of the same system are emulated, each working in an isolated environment. User programs and related files within an environment are separated (isolated) from other users. The system software and the hardware devices are replicated. Each element embeds its own protection requirements such that possible violation attempts within one environment do not affect other work environments.
The advantage of virtual machine techniques is that different environments can share the same machine, each employing different protection requirements and resource-handling policies. Moreover, damage is restricted in that the effects of failures or violations of security mechanisms are not propagated. No object sharing is allowed because isolation avoids the risk of program communication.
Answer the questions:
1. How is isolation achieved?
2. What does isolation rely on?
