Database management systems can maintain separate execution domains for each executing process by assigning each process a separate address space. Each process has a distinct address space so that communication between processes is controlled through the security functions, and one process cannot modify the executing code of another process. Maintaining separate execution domains for executing processes can be achieved, for example, by implementing separate address spaces. This requirement also applies to Zero Trust initiatives.
Review the DBMS architecture to find out if and how it protects the private resources of one process (such as working memory, temporary tables, uncommitted data and, especially, executable code) from unauthorized access or modification by another user or process. If it is not capable of maintaining a separate execution domain for each executing process, this is a finding. If the DBMS is capable of maintaining a separate execution domain for each executing process, but is configured not to do so, this is a finding.
Deploy a DBMS capable of maintaining a separate execution domain for each executing process. If this is a configurable feature, configure the DBMS to implement it.