Esc
Execution Isolation
Definition
Execution Isolation techniques prevent application processes from accessing non-essential system resources, such as memory, devices, or files.
loading...
Technique Subclasses
There are 8 techniques in this category, Execution Isolation.
| Name | ID | Definition | Synonyms |
|---|---|---|---|
| Execution Isolation | D3-EI | Execution Isolation techniques prevent application processes from accessing non-essential system resources, such as memory, devices, or files. | |
| - Executable Allowlisting | D3-EAL | Using a digital signature to authenticate a file before opening. | File Signature Authentication |
| - Executable Denylisting | D3-EDL | Blocking the execution of files on a host in accordance with defined application policy rules. | Executable Blacklisting |
| - Mandatory Access Control | D3-MAC | Controlling access to local computer system resources with kernel-level capabilities. | |
| - Hardware-based Process Isolation | D3-HBPI | Preventing one process from writing to the memory space of another process through hardware based address manager implementations. | Virtualization |
| - IO Port Restriction | D3-IOPR | Limiting access to computer input/output (IO) ports to restrict unauthorized devices. | |
| - Kernel-based Process Isolation | D3-KBPI | Using kernel-level capabilities to isolate processes. | |
| - System Call Filtering | D3-SCF | Configuring a kernel to use an allow or deny list to filter kernel api calls. |
loading...
D3FEND™
A knowledge graph of cybersecurity countermeasures