olemus
igale aktiivolemile eraldi turvaala loomine ja käigushoid, nii et ükski olem ei saa juurdepääsu teise domeeni ressurssidele
=
creation of separate security domains for each active entity to operate on its resources, and keeping those domains
separated from one another so that no entity can run in the domain of any other

ülevaateid
https://mlhale.github.io/nebraska-gencyber-modules/intro_to_first_principles/README/

https://www.sogis.eu/documents/cc/domains/sc/JIL-Security-Architecture-requirements-(ADV_ARC)-v2-1.pdf

https://www.commoncriteriaportal.org/iccc/9iccc/pdf/C2405.pdf

https://www.ipa.go.jp/security/jisec/apdx/documents/SecurityArchitectureGuide_e.pdf

vt ka
- kohustuste lahusus