Process isolation

Process isolation

Process isolation is a set of different hardware and software technologies[1] designed to protect each operating system process from other processes. It does so by preventing process A from writing into process B.

Process isolation can be implemented by with virtual address space, where process A's address space is different from process B's address space - preventing A to write into B.

Security is easier to enforce by disallowing inter-process memory access, than compared to less secure architectures (such as DOS) in which any process can write to any memory in any other process [2])

Contents

Limited inter processes communication

In a system with process isolation, processes may still be allowed limited (controlled) interaction between processes, if processes mutually accept to collaborate over inter-process communication (IPC) channels such as shared memory, local sockets or Internet sockets. In this scheme almost all of the process' memory is isolated from other processes, except in the variables/memory where the process is allowing input from collaborating processes.

System polices may disallow IPC in some circumstances. For example in Mandatory access control systems, subjects with different sensitivity levels may not be allowed to communicate with each other.

In web browsers

Internet Explorer 4 used process isolation in order to allow separate windowed instances of the browser their own processes; however, at the height of the browser wars, this was dropped in subsequent versions to compete with Netscape Navigator (which sought to concentrate upon one process for the entire Internet suite). This idea of process-per-instance would not be revisited until a decade afterward, when tabbed browsing became more commonplace.

In Google Chrome's "Multi-Process Architecture"[3] and Internet Explorer 8's "Loosely Coupled IE (LCIE)"[4], tabs containing webpages are contained within their own semi-separate OS-level processes which are isolated from the core process of the browser so as to prevent the crash of one tab/page from crashing the entire browser. This method (known popularly as multiprocess or process-per-tab), meant to both manage memory and processing by allowing offending tabs to crash separately from the browser and other tabs and manage security, has proven controversial since its introduction in both browsers in 2008, although the developers of Mozilla Firefox have considered instituting the feature in future versions of the browser by at least Q4 2010[5][6].

Browsers with process isolation
  • Google Chrome
  • Internet Explorer 8
  • Safari
  • Stainless
  • Mozilla Firefox

Related technologies

References

  1. ^ Deconstructing Process Isolation. Aiken, Mark, Fähndrich, Manuel, Hawblitzel, Chris, Hunt, Galen, Larus, James R. Microsoft Research. Oct. 2006[1]
  2. ^ All in one CISSP Exam Guide, 3rd Edition, Shon Harris
  3. ^ Multi-process Architecture, Chromium Blog, Thursday, September 11, 2008
  4. ^ IE8 and Loosely-Coupled IE (LCIE), by Andy Zeigler, Tuesday, March 11, 2008
  5. ^ Content Processes
  6. ^ Multi-process Firefox, coming to an Internets near you

Wikimedia Foundation. 2010.

Игры ⚽ Поможем решить контрольную работу

Look at other dictionaries:

  • Process management (computing) — Operating systems …   Wikipedia

  • Isolation (film) — Isolation is a 2005 Irish horror film directed and written by Billy O Brien and produced by LionsGate Film Studios.PlotIsolation involves five experimentalists roaming in an isolated farmland in Ireland. When they arrive, they begin an experiment …   Wikipedia

  • isolation — ► NOUN ▪ the process or fact of isolating or being isolated. ● in isolation Cf. ↑in isolation …   English terms dictionary

  • Isolation (album) — Infobox Album | Name = Isolation Type = Album Artist = Toto Released = November 1984 Recorded = 1984 (?) Genre = Pop rock Length = 41:42 Label = Columbia Producer = Toto Reviews = * Allmusic (3/5) [http://www.allmusic.com/cg/amg.dll?p=amg… …   Wikipedia

  • Process flow diagram — A process flow diagram (PFD) is a diagram commonly used in chemical and process engineering to indicate the general flow of plant processes and equipment. The PFD displays the relationship between major equipment of a plant facility and does not… …   Wikipedia

  • Isolation mittels vergrabenem Oxid — izoliavimo paslėptuoju oksidu technologija statusas T sritis radioelektronika atitikmenys: angl. buried oxide isolation process vok. Isolation mittels vergrabenem Oxid, f rus. технология изоляции углублённым оксидом, f pranc. procédé d isolation… …   Radioelektronikos terminų žodynas

  • isolation — /uy seuh lay sheuhn, is euh /, n. 1. an act or instance of isolating. 2. the state of being isolated. 3. the complete separation from others of a person suffering from contagious or infectious disease; quarantine. 4. the separation of a nation… …   Universalium

  • isolation — 1. In microbiology, separation of an organism from others, usually by making serial cultures. 2. Separation for the period of communicability of infected persons or animals from others, so as to prevent or limit the direct or indirect… …   Medical dictionary

  • isolation d'oxyde — oksidinis izoliavimas statusas T sritis radioelektronika atitikmenys: angl. oxide isolation; oxide isolated process vok. Oxidisolation, f rus. изоляция оксидом, f; окисное изолирование, n; оксидная изоляция, f pranc. isolation d oxyde, f;… …   Radioelektronikos terminų žodynas

  • isolation par oxyde — oksidinis izoliavimas statusas T sritis radioelektronika atitikmenys: angl. oxide isolation; oxide isolated process vok. Oxidisolation, f rus. изоляция оксидом, f; окисное изолирование, n; оксидная изоляция, f pranc. isolation d oxyde, f;… …   Radioelektronikos terminų žodynas

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”