KasperskyOS Community Edition 1.0
English

Contents

HashSet security model

The HashSet security model lets you associate resources with one-dimensional tables of unique values of the same type, add or delete these values, and check whether a defined value is in the table. For example, an entity whose context includes a running network server can be associated with the set of ports that this server is allowed to open. This association can be used to check whether the server is allowed to initiate the opening of a port.

A PSL file containing a description of the HashSet security model is located in the KasperskyOS SDK at the following path:

toolchain/include/nk/hashmap.psl

In this section

HashSet security model object

HashSet security model init rule

HashSet security model fini rule

HashSet security model add rule

HashSet security model remove rule

HashSet security model contains expression
Page top
[Topic ssp_descr_security_models_hashset]

HashSet security model object

To use the HashSet security model, you need to create an object or objects of this model.

A HashSet security model object contains a pool of one-dimensional tables of the same size intended for storing the values of one type. A resource can be associated with only one table from the tables pool of each HashSet security model object.

A HashSet security model object has the following parameters:

  • type Entry – type of values in tables (these can be integer types, Boolean type, and dictionaries and tuples based on integer types and the Boolean type).
  • config – configuration of the pool of tables:
    • set_size – size of the table.
    • pool_size – number of tables in the pool.

All parameters of a HashSet security model object are required.

Example:

policy object S : HashSet {

type Entry = UInt32

config =

{ set_size : 5

, pool_size : 2

}

}

A HashSet security model object can be covered by a security audit. There are no audit completion conditions specific to the HashSet security model.

It is necessary to create multiple objects of the HashSet security model in the following cases:

  • You need to configure a security audit differently for different objects of the HashSet security model (for example, you can apply different audit profiles or different audit configurations of the same profile for different objects).
  • You need to distinguish between calls of methods provided by different objects of the HashSet security model (audit data includes the name of the security model method and the name of the object that provides this method, so you can verify that the method of a specific object was called).
  • You need to use tables of different sizes and/or with different types of values.
Page top
[Topic ssp_descr_security_models_hashset_object]

HashSet security model init rule

init {sid : <Sid>}

It associates a free table from the tables pool with the resource that has the security ID sid. If the free table contains values after its previous use, these values are deleted.

It returns the "allowed" result if an association was created between the table and the resource.

It returns the "denied" result in the following cases:

  • There are no free tables in the pool.
  • The resource with the security ID sid is already associated with a table from the tables pool of the HashSet security model object being used.
  • Security ID sid is out of the permissible range.

Example:

/* An entity of the Server class will be allowed to start if

* when initiating the startup, an association is created

* between this entity and the table. Otherwise the startup of

the Server-class entity will be denied. */

execute dst=Server {

S.init {sid : dst_sid}

}

Page top
[Topic ssp_descr_security_models_hashset_init]

HashSet security model fini rule

fini {sid : <Sid>}

It deletes the association between the table and the resource that has the security ID sid (the table becomes free).

It returns the "allowed" result if the association between the table and the resource was deleted.

It returns the "denied" result in the following cases:

  • The resource with the security ID sid is not associated with a table from the tables pool of the HashSet security model object being used.
  • Security ID sid is out of the permissible range.
Page top
[Topic ssp_descr_security_models_hashset_fini]

HashSet security model add rule

add {sid : <Sid>, entry : <Entry>}

It adds the entry value to the table associated with the resource that has the security ID sid.

It returns the "allowed" result in the following cases:

  • The rule added the entry value to the table.
  • The table already contains the entry value.

It returns the "denied" result in the following cases:

  • The table is completely filled.
  • The resource with the security ID sid is not associated with a table from the tables pool of the HashSet security model object being used.
  • Security ID sid is out of the permissible range.

Example:

/* An entity of the Server class will receive the "allowed" decision

* from the Kaspersky Security Module by calling the method

* of the Add security interface if, when calling this

* method, the value 5 is added

* or is already in the table

* associated with this entity. Otherwise the entity of the Server class will receive

* the "denied" decision from the security module

* by calling the "Add" method of the security interface. */

security src=Server, method=Add {

S.add {sid : src_sid, entry : 5}

}

Page top
[Topic ssp_descr_security_models_hashset_add]

HashSet security model remove rule

remove {sid : <Sid>, entry : <Entry>}

It deletes the entry value from the table associated with the resource that has the security ID sid.

It returns the "allowed" result in the following cases:

  • The rule deleted the entry value from the table.
  • The table does not have the entry value.

It returns the "denied" result in the following cases:

  • The resource with the security ID sid is not associated with a table from the tables pool of the HashSet security model object being used.
  • Security ID sid is out of the permissible range.
Page top
[Topic ssp_descr_security_models_hashset_remove]

HashSet security model contains expression

contains {sid : <Sid>, entry : <Entry>}

It checks whether the entry value is in the table associated with the resource that has the security ID sid.

It returns a value of the Boolean type. If the entry value is in the table, it returns true. Otherwise it returns false.

It runs incorrectly in the following cases:

  • The resource with the security ID sid is not associated with a table from the tables pool of the HashSet security model object being used.
  • Security ID sid is out of the permissible range.

If the expression runs incorrectly, the Kaspersky Security Module returns the "denied" decision.

Example:

/* An entity of the Server class will receive the "allowed" decision

* from the Kaspersky Security Module by calling the method

* of the Check security interface if the value 42

* is in the table associated with this entity.

* Otherwise the entity of the Server class will receive the "denied" decision

* from the security module by calling the method of the

* Check security interface. */

security src=Server, method=Check {

assert(S.contains {sid : src_sid, entry : 42})

}

Page top
[Topic ssp_descr_security_models_hashset_contains]