Systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each system process has a distinct address space so that communication between processes is performed in a manner controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. Process isolation technologies, including sandboxing or virtualization, logically separate software and firmware from other software, firmware, and data. Process isolation helps limit the access of potentially untrusted software to other system resources. The capability to maintain separate execution domains is available in commercial operating systems that employ multi-state processor technologies.

Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name |
---|---|---|---|---|
SC-39 | Process Isolation | Protects | T1003 | OS Credential Dumping |
SC-39 | Process Isolation | Protects | T1003.001 | LSASS Memory |
SC-39 | Process Isolation | Protects | T1003.002 | Security Account Manager |
SC-39 | Process Isolation | Protects | T1003.003 | NTDS |
SC-39 | Process Isolation | Protects | T1003.004 | LSA Secrets |
SC-39 | Process Isolation | Protects | T1003.005 | Cached Domain Credentials |
SC-39 | Process Isolation | Protects | T1003.006 | DCSync |
SC-39 | Process Isolation | Protects | T1003.007 | Proc Filesystem |
SC-39 | Process Isolation | Protects | T1003.008 | /etc/passwd and /etc/shadow |
SC-39 | Process Isolation | Protects | T1068 | Exploitation for Privilege Escalation |