CHAPTER 8

Patterns for Secure Execution and File Management

The severity of the laws prevents their execution.

Charles de Montesquieu

8.1 Introduction

In this chapter we present patterns for the secure execution of processes:

VIRTUAL ADDRESS SPACE ACCESS CONTROL. How can we control access by processes to specific areas of their virtual address space (VAS) according to a set of predefined access types? Divide the VAS into segments that correspond to logical units in the programs. Use special words (descriptors) to represent access rights for these segments.
EXECUTION DOMAIN. How can we define an execution environment for processes, indicating explicitly all the resources a process can use during its execution, as well as the type of access for the resources? Attach a set of descriptors to the process that represent the rights of the process.
CONTROLLED EXECUTION DOMAIN. How can we define an execution environment for processes? Attach a set of descriptors to each process that represents the rights of the process. Use the Reference Monitor pattern to enforce access.
VIRTUAL ADDRESS SPACE ...
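The three patterns above fit together: segments of the VAS carry descriptors with access rights, the set of descriptors attached to a process is its execution domain, and a reference monitor mediates every access against that set. The following is an added illustration, not code from the book; the segment layout, process id and names are constructed assumptions.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Access(Flag):
    """Predefined access types that a descriptor can grant for a segment."""
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class Descriptor:
    """Rights for one logical unit (code, data, stack) of the process's VAS."""
    name: str
    base: int
    size: int
    rights: Access


@dataclass
class ExecutionDomain:
    """The descriptors attached to a process: everything it may touch, and how."""
    pid: int
    descriptors: tuple
    denied: list = field(default_factory=list)  # audit trail of refused requests

    def segment_for(self, addr):
        """Return the descriptor covering addr, or None if no segment maps it."""
        for d in self.descriptors:
            if d.base <= addr < d.base + d.size:
                return d
        return None


def reference_monitor(domain, addr, access):
    """Mediate one access request; allowed only if a descriptor grants it."""
    seg = domain.segment_for(addr)
    if seg is None or access not in seg.rights:   # unmapped, or rights missing
        domain.denied.append((domain.pid, hex(addr), access))
        return False
    return True


# Constructed sample domain (hypothetical): code is read/execute, data and
# stack are read/write, so no segment is both writable and executable.
SAMPLE = ExecutionDomain(pid=42, descriptors=(
    Descriptor("code", 0x1000, 0x1000, Access.READ | Access.EXECUTE),
    Descriptor("data", 0x2000, 0x1000, Access.READ | Access.WRITE),
    Descriptor("stack", 0x7000, 0x1000, Access.READ | Access.WRITE),
))
```

Every denial is recorded on the domain, which is the hook a detection pipeline would use to spot a process probing outside its granted segments.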
