Patterns for Secure Execution and File Management
The severity of the laws prevents their execution.
Charles de Montesquieu
In this chapter we present patterns for the secure execution of processes:
VIRTUAL ADDRESS SPACE ACCESS CONTROL
How can we control access by processes to specific areas of their virtual address space (VAS) according to a set of predefined access types? Divide the VAS into segments that correspond to logical units in the programs. Use special words (descriptors) to represent access rights for these segments.

How can we define an execution environment for processes, indicating explicitly all the resources a process can use during its execution, as well as the type of access for the resources? Attach a set of descriptors to the process that represent the rights of the process.

CONTROLLED EXECUTION DOMAIN
How can we define an execution environment for processes? Attach a set of descriptors to each process that represents the rights of the process. Use the Reference Monitor pattern to enforce access.

VIRTUAL ADDRESS SPACE ...
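The three pattern summaries above describe one mechanism from three angles: the VAS is split into segments, a descriptor pairs a segment with the access types allowed on it, the set of descriptors a process holds is its execution domain, and a reference monitor consults that set on every access. The following toy model, added here as an illustration and not taken from the book or any real operating system, puts those pieces together in Python. The segment layout, rights, process id and addresses are constructed for the example; the point it shows beyond the text is what the monitor must do at the edges: an address one past a segment's limit, an address covered by no descriptor, and a request for a right the descriptor does not grant (execute on a writable stack) are all refused.

```python
# Added example (not from the book): descriptor-based access control over a
# process's virtual address space, modelling the VIRTUAL ADDRESS SPACE ACCESS
# CONTROL, EXECUTION DOMAIN and CONTROLLED EXECUTION DOMAIN patterns.
# Segment layout, rights and addresses below are assumptions for illustration.
from dataclasses import dataclass
from enum import Flag, auto


class Right(Flag):
    """The predefined access types a descriptor can grant on a segment."""
    READ = auto()
    WRITE = auto()
    EXECUTE = auto()


@dataclass(frozen=True)
class Segment:
    """A logical unit of the VAS: the contiguous range [base, base + limit)."""
    name: str
    base: int
    limit: int

    def contains(self, addr: int) -> bool:
        # Strict upper bound: base + limit itself is outside the segment.
        return self.base <= addr < self.base + self.limit


@dataclass(frozen=True)
class Descriptor:
    """The 'special word': a segment together with the rights granted on it."""
    segment: Segment
    rights: Right


@dataclass
class Process:
    """A process carries its execution domain: the descriptors it holds."""
    pid: int
    domain: tuple[Descriptor, ...]


class ReferenceMonitor:
    """Mediates every access against the process's domain (Controlled Execution Domain)."""

    def __init__(self) -> None:
        self.audit: list[str] = []

    def check(self, proc: Process, addr: int, wanted: Right) -> bool:
        label = wanted.name or str(wanted)
        for d in proc.domain:
            if d.segment.contains(addr):
                ok = wanted in d.rights
                verdict = "ALLOW" if ok else "DENY (right not granted)"
                self.audit.append(f"pid={proc.pid} addr={addr:#x} {label} on {d.segment.name}: {verdict}")
                return ok
        # No descriptor covers the address: the process cannot touch it at all.
        self.audit.append(f"pid={proc.pid} addr={addr:#x} {label}: DENY (no descriptor)")
        return False


def build_process(pid: int) -> Process:
    """Constructed layout: code is read+execute, data and stack are read+write
    (never executable), and a shared segment is read-only."""
    code = Segment("code", 0x0040_0000, 0x1000)
    data = Segment("data", 0x0060_0000, 0x2000)
    stack = Segment("stack", 0x7FFF_0000, 0x10000)
    shared = Segment("shared_ro", 0x1000_0000, 0x1000)
    return Process(pid, (
        Descriptor(code, Right.READ | Right.EXECUTE),
        Descriptor(data, Right.READ | Right.WRITE),
        Descriptor(stack, Right.READ | Right.WRITE),
        Descriptor(shared, Right.READ),
    ))


def run_demo() -> dict[str, bool]:
    """Exercise the monitor on normal and edge-case accesses; returns the verdicts."""
    rm = ReferenceMonitor()
    p = build_process(42)
    results = {
        "exec_code": rm.check(p, 0x0040_0010, Right.EXECUTE),     # allowed
        "write_data": rm.check(p, 0x0060_0100, Right.WRITE),      # allowed
        "exec_stack": rm.check(p, 0x7FFF_0100, Right.EXECUTE),    # stack not executable
        "write_shared": rm.check(p, 0x1000_0008, Right.WRITE),    # read-only segment
        "read_unmapped": rm.check(p, 0x0000_1234, Right.READ),    # no descriptor
        "write_past_end": rm.check(p, 0x0060_2000, Right.WRITE),  # one past data's limit
    }
    for line in rm.audit:
        print(line)
    return results


if __name__ == "__main__":
    run_demo()
```

The domain is a tuple of frozen descriptors, so a process cannot extend its own rights by mutating the set; in a real system the descriptors live in memory the process cannot write, which is what makes the execution domain trustworthy.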