Process isolation
Process isolation is a set of different hardware and software technologies
Process isolation can be implemented with virtual address space, where process A's address space is different from process B's address space – preventing A from writing onto B.
Security is easier to enforce by disallowing inter-process memory access, in contrast with less secure architectures such as DOS in which any process can write to any memory in any other process.[2]
Limited inter-process communication
In a system with process isolation, limited (controlled) interaction between processes may still be allowed over
System policies may disallow IPC in some circumstances. For example, in mandatory access control systems, subjects with different sensitivity levels may not be allowed to communicate with each other. The security implications in these circumstances are broad and span applications in network key encryption systematics as well as distributed caching algorithms. Interface-defined protocols such as basic cloud access architecture and network sharing are similarly affected.[3]
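An added example (not part of the original article) of the two properties described above, assuming a POSIX system: after `fork()`, process B overwrites a variable at the same virtual address process A uses, A's copy stays untouched, and the only data that crosses the boundary is what B sends over a pipe. The names `run_isolation_demo`, `struct report` and `secret` are hypothetical, chosen for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Report the child ("process B") sends to the parent ("process A"). */
struct report {
    uintptr_t addr;   /* virtual address of the variable as seen in B */
    int value;        /* value B stored at that address */
};

/* Forks B, lets it overwrite its copy of `secret`, and collects B's report
 * over a pipe. On return *parent_value holds what A still reads at the same
 * address. Returns 1 if B's address equals A's, 0 if not, -1 on error. */
int run_isolation_demo(int *parent_value, struct report *from_child)
{
    volatile int secret = 1;          /* lives in A's address space */
    int fds[2], status;
    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {                   /* process B */
        close(fds[0]);
        secret = 42;                  /* write lands in B's private page only */
        struct report r = { (uintptr_t)&secret, secret };
        _exit(write(fds[1], &r, sizeof r) == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fds[1]);                    /* process A */
    ssize_t n = read(fds[0], from_child, sizeof *from_child);
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 || n != (ssize_t)sizeof *from_child)
        return -1;
    *parent_value = secret;           /* unchanged by B's write */
    return from_child->addr == (uintptr_t)&secret;
}

int main(void)
{
    int parent_value;
    struct report r;
    int same = run_isolation_demo(&parent_value, &r);
    if (same == -1)
        return 1;
    printf("same address: %d, B wrote %d, A still reads %d\n",
           same, r.value, parent_value);
    return 0;
}
```

The pipe is the controlled channel here: A receives only the bytes B chose to write into it, and B never gains the ability to modify A's memory.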
Operating systems
Operating systems that support process isolation by providing separate address spaces for each process include:
Web browsers
In
Browsers with process isolation
- Google Chrome
- Internet Explorer 8 and later
- Safari
- Mozilla Firefox (default since 57)
- Maxthon
Programming languages
Erlang provides a similar concept in user space by implementing strictly separated lightweight processes.
Related technologies
- Virtual memory and virtual address space allow for memory space isolation.
- Polyinstantiation allows mirrors of shared resources, where changes by process A will not be visible to process B.
References
- .
- All in one CISSP Exam Guide, 3rd Edition, Shon Harris
- .
- "Multi-process Architecture". Chromium Blog. September 11, 2008.
- Andy Zeigler (March 11, 2008). "IE8 and Loosely-Coupled IE (LCIE)". Archived from the original on March 13, 2010.