What is a PRIMARY reason for designing the security kernel to be as small as possible?

What is a PRIMARY reason for designing the security kernel to be as small as possible?

What is a PRIMARY reason for designing the security kernel to be as small as possible?

A.
The operating system cannot be easily penetrated by users.

B.
Changes to the kernel are not required as frequently.

C.
Due to its compactness, the kernel is easier to formally verify.

D.
System performance and execution are enhanced.

Explanation:
I disagree with the original answer which was B (changes to the kernel) and think it
is C (Due to its compactness). However, use your best judgment based on knowledge and
experience. Below is why I think it is C.
“There are three main requirements of the security kernel:

It must provide isolation for the processes carrying out the reference monitor concept and they
must be tamperproof.
The reference monitor must be invoked for every access attempt and must be impossible to
circumvent. Thus the reference monitor must be implemented in a complete and foolproof way.
It must be small enough to be able to be tested and verified in a complete and comprehensive
manner.” – Shon Harris All-in-one CISSP Certification Guide pg 232-233

Show Hint

Leave a Reply 2

Your email address will not be published. Required fields are marked *

Jamal Ahmed

Jamal Ahmed

check

Reply

Ahmed

Ahmed

The Shon Harris quote does not show clearly that the answer is C. It could be D too as every OS maker wants its system to be nimble and quick performing, esp Microsoft’s target is for its new OS to be faster than the previous one..

Reply