The network device must be designed and configured to isolate security functions from non-security functions. An isolation boundary is implemented via partitions and domains. This boundary must provide separation between processes having different security levels. These processes are used by the hardware, software, and firmware of the network device to perform various functions. The network device application must maintain a separate execution domain (e.g., address space) for each executing process to minimize the risk of leakage or corruption of privileged information.
This control is normally a function of the network device application design and is usually not a configurable setting; however, there may be settings in some network device applications that must be configured to optimize function isolation. For most network devices, this function is a product of system design. |