Another technique for perimeter checking is isolation, which keeps logically distinct functions apart, physically or logically. Physical separation is the classic isolation approach: do not connect the resources you wish to protect to the Internet, and restrict physical access to them. In a modern context, isolation can be interpreted as the separation of computation functions into boundaries based on their security sensitivity.
Example
- When virtual machines share the same physical machine, isolation is enforced by the system software executing on that physical machine.
- Memory, disk and networks can be shared in cloud environments.
- Isolation of memory is performed using virtual memory techniques.
- Isolation of disk is performed using partitioning of disks.
- Isolation of network usage is performed by the network protocols used.
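
The memory bullet above, as an added example that is not part of the original page: on a POSIX system, a child created with fork() writes to the same virtual address as its parent, yet the parent's copy is unchanged because each process has its own address space. The names run_isolation_demo, private_value and struct report are made up for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* What the child reports back over the pipe (constructed for this demo). */
struct report {
    uintptr_t addr;  /* virtual address of private_value as seen by the child */
    int value;       /* value at that address after the child's write */
};

static int private_value = 1;  /* ordinary process-private memory */

/* Forks, lets the child overwrite private_value, and compares both views.
 * Returns 0 on success, -1 on any system call failure. */
int run_isolation_demo(int *parent_value, int *child_value, int *same_address)
{
    int fds[2];
    if (pipe(fds) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                 /* child: its own address space */
        private_value = 2;          /* copy-on-write gives it a private page */
        struct report r = { (uintptr_t)&private_value, private_value };
        ssize_t n = write(fds[1], &r, sizeof r);
        _exit(n == (ssize_t)sizeof r ? 0 : 1);
    }
    close(fds[1]);
    struct report r;
    ssize_t n = read(fds[0], &r, sizeof r);  /* explicit, kernel-mediated channel */
    close(fds[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || n != (ssize_t)sizeof r)
        return -1;
    *parent_value = private_value;  /* untouched by the child's write */
    *child_value = r.value;
    *same_address = (r.addr == (uintptr_t)&private_value);
    return 0;
}

int main(void)
{
    int p, c, same;
    if (run_isolation_demo(&p, &c, &same) != 0)
        return 1;
    printf("parent=%d child=%d same_address=%d\n", p, c, same);
    return 0;
}
```

The only data that crosses between the two processes is what the child deliberately sends through the pipe; the write to private_value never does.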