KasperskyOS Community Edition 1.0

StaticMap security model

The StaticMap security model lets you associate resources with two-dimensional "key–value" tables, and read and modify the values of keys. For example, an entity whose context includes a running driver can be associated with the MMIO memory region that this driver is allowed to use. This requires two keys whose values define the starting address and the size of the MMIO memory region. The association can then be used to check whether the driver is allowed to access the MMIO memory region that it is attempting to access.

All keys in a table have the same type; each key is unique and immutable. All values of keys in a table also have the same type.

There are two simultaneous instances of the table: the base table and the working table. Both instances are initialized with the same data. Changes are made first to the working instance and can then be committed to the base instance; conversely, the working instance can be rolled back to the previous values held in the base instance. The values of keys can be read from either the base instance or the working instance of the table.

A PSL file containing a description of the StaticMap security model is located in the KasperskyOS SDK at the following path:

toolchain/include/nk/staticmap.psl

In this section

  • StaticMap security model object
  • StaticMap security model init rule
  • StaticMap security model fini rule
  • StaticMap security model set rule
  • StaticMap security model commit rule
  • StaticMap security model rollback rule
  • StaticMap security model get expression
  • StaticMap security model get_uncommited expression


StaticMap security model object

To use the StaticMap security model, you need to create an object or objects of this model.

A StaticMap security model object contains a pool of two-dimensional "key–value" tables that have the same size. A resource can be associated with only one table from the tables pool of each StaticMap security model object.

A StaticMap security model object has the following parameters:

  • type Value – type of values of keys in tables (integer types are supported).
  • config – configuration of the pool of tables:
    • keys – table containing keys and their default values (keys have the Key = Text | List<UInt8> type).
    • pool_size – number of tables in the pool.

All parameters of a StaticMap security model object are required.

Example:

policy object M : StaticMap {
    type Value = UInt16
    config =
        { keys:
            { "k1" : 0
            , "k2" : 1
            }
        , pool_size : 2
        }
}

A StaticMap security model object can be covered by a security audit. There are no audit completion conditions specific to the StaticMap security model.

It is necessary to create multiple objects of the StaticMap security model in the following cases:

  • You need to configure a security audit differently for different objects of the StaticMap security model (for example, you can apply different audit profiles or different audit configurations of the same profile for different objects).
  • You need to distinguish between calls of methods provided by different objects of the StaticMap security model (audit data includes the name of the security model method and the name of the object that provides this method, so you can verify that the method of a specific object was called).
  • You need to use tables with different sets of keys and/or different types of key values.

StaticMap security model init rule

init {sid : <Sid>}

It associates a free table from the tables pool with the resource that has the security ID sid. Keys are initialized with their default values.

It returns the "allowed" result if an association was created between the table and the resource.

It returns the "denied" result in the following cases:

  • There are no free tables in the pool.
  • The resource with the security ID sid is already associated with a table from the tables pool of the StaticMap security model object being used.
  • Security ID sid is out of the permissible range.

Example:

/* An entity of the Server class will be allowed to start if,
 * when the startup is initiated, an association is created
 * between this entity and a table. Otherwise the startup of
 * the Server-class entity will be denied. */
execute dst=Server {
    M.init {sid : dst_sid}
}


StaticMap security model fini rule

fini {sid : <Sid>}

It deletes the association between the table and the resource that has the security ID sid (the table becomes free).

It returns the "allowed" result if the association between the table and the resource was deleted.

It returns the "denied" result in the following cases:

  • The resource with the security ID sid is not associated with a table from the tables pool of the StaticMap security model object being used.
  • Security ID sid is out of the permissible range.

StaticMap security model set rule

set {sid : <Sid>, key : <Key>, value : <Value>}

It assigns the specified value to the specified key in the working instance of the table associated with the resource that has the security ID sid.

It returns the "allowed" result if the specified value was assigned to the specified key. (The current value of the key will be overwritten even if it is equal to the new value.)

It returns the "denied" result in the following cases:

  • The specified key is not in the table.
  • The resource with the security ID sid is not associated with a table from the tables pool of the StaticMap security model object being used.
  • Security ID sid is out of the permissible range.

Example:

/* An entity of the Server class will receive the "allowed" decision
 * from the Kaspersky Security Module when calling the method of the
 * Set security interface if, during this call, the value 2 is
 * assigned to key k1 in the working instance of the table associated
 * with this entity. Otherwise the entity of the Server class will
 * receive the "denied" decision from the security module when calling
 * the method of the Set security interface. */
security src=Server, method=Set {
    M.set {sid : src_sid, key : "k1", value : 2}
}


StaticMap security model commit rule

commit {sid : <Sid>}

It copies the values of keys from the working instance to the base instance of the table associated with the resource that has the security ID sid.

It returns the "allowed" result if the values of keys were copied from the working instance to the base instance of the table.

It returns the "denied" result in the following cases:

  • The resource with the security ID sid is not associated with a table from the tables pool of the StaticMap security model object being used.
  • Security ID sid is out of the permissible range.

StaticMap security model rollback rule

rollback {sid : <Sid>}

It copies the values of keys from the base instance to the working instance of the table associated with the resource that has the security ID sid.

It returns the "allowed" result if the values of keys were copied from the base instance to the working instance of the table.

It returns the "denied" result in the following cases:

  • The resource with the security ID sid is not associated with a table from the tables pool of the StaticMap security model object being used.
  • Security ID sid is out of the permissible range.

StaticMap security model get expression

get {sid : <Sid>, key : <Key>}

It returns the value of the specified key from the base instance of the table associated with the resource that has the security ID sid.

It returns a value of the Value type.

It runs incorrectly in the following cases:

  • The specified key is not in the table.
  • The resource with the security ID sid is not associated with a table from the tables pool of the StaticMap security model object being used.
  • Security ID sid is out of the permissible range.

If the expression runs incorrectly, the Kaspersky Security Module returns the "denied" decision.

Example:

/* An entity of the Server class will receive the "allowed" decision
 * from the Kaspersky Security Module when calling the method of the
 * Get security interface if the value of key k1 in the base instance
 * of the table associated with this entity is not zero. Otherwise the
 * entity of the Server class will receive the "denied" decision from
 * the security module when calling the method of the Get security
 * interface. */
security src=Server, method=Get {
    assert(M.get {sid : src_sid, key : "k1"} != 0)
}


StaticMap security model get_uncommited expression

get_uncommited {sid: <Sid>, key: <Key>}

It returns the value of the specified key from the working instance of the table associated with the resource that has the security ID sid.

It returns a value of the Value type.

It runs incorrectly in the following cases:

  • The specified key is not in the table.
  • The resource with the security ID sid is not associated with a table from the tables pool of the StaticMap security model object being used.
  • Security ID sid is out of the permissible range.

If the expression runs incorrectly, the Kaspersky Security Module returns the "denied" decision.
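
The Python model below is an added illustration for this page, not KasperskyOS or Kaspersky Security Module code. It implements the semantics described in the introduction and in the rule and expression sections above: a pool of tables, each with a base and a working instance initialized from the same defaults; the init, fini, set, commit and rollback rules returning "allowed" or "denied" under the conditions listed for each; the get and get_uncommited expressions, which raise (and so yield a "denied" decision) for an unknown key, an unassociated resource or an out-of-range security ID; and a policy check modelled on the MMIO example from the introduction. The class, method and key names (StaticMap, mmio_access_allowed, mmio_base, mmio_size), the security ID values and the permissible security ID range are assumptions.

```python
# Executable model of the StaticMap semantics documented on this page. Added
# illustration, NOT KasperskyOS or Kaspersky Security Module code; class,
# method and key names and the permissible SID range are assumptions.

ALLOWED, DENIED = "allowed", "denied"


class StaticMapError(Exception):
    """A get/get_uncommited expression 'ran incorrectly' (page wording)."""

class StaticMap:
    """A pool of same-shaped tables; each table has a 'base' and a 'working'
    instance, and a resource (security ID, sid) owns at most one table."""

    def __init__(self, keys, pool_size, sid_range=range(1, 1 << 16)):
        self.defaults = dict(keys)   # keys and their default values
        self.pool_size = pool_size   # number of tables in the pool
        self.sid_range = sid_range   # assumed permissible SID range
        self.tables = {}             # sid -> {"base": {...}, "working": {...}}

    def _find(self, sid):
        # Table associated with sid, or None if sid is out of range or free
        return self.tables.get(sid) if sid in self.sid_range else None

    def _table(self, sid):
        t = self._find(sid)
        if t is None:
            raise StaticMapError(f"sid {sid}: out of range or not associated")
        return t

    # ----- rules: each returns the "allowed" or "denied" decision -----
    def init(self, sid):
        if sid not in self.sid_range or sid in self.tables:
            return DENIED
        if len(self.tables) >= self.pool_size:   # no free table in the pool
            return DENIED
        self.tables[sid] = {"base": dict(self.defaults),
                            "working": dict(self.defaults)}
        return ALLOWED

    def fini(self, sid):
        if self._find(sid) is None:
            return DENIED
        del self.tables[sid]                     # the table becomes free
        return ALLOWED

    def set(self, sid, key, value):
        t = self._find(sid)
        if t is None or key not in t["working"]:
            return DENIED
        t["working"][key] = value                # only the working instance changes
        return ALLOWED

    def commit(self, sid):
        t = self._find(sid)
        if t is None:
            return DENIED
        t["base"] = dict(t["working"])           # working -> base
        return ALLOWED

    def rollback(self, sid):
        t = self._find(sid)
        if t is None:
            return DENIED
        t["working"] = dict(t["base"])           # base -> working
        return ALLOWED

    # ----- expressions: return a Value, or raise (=> "denied" decision) -----
    def get(self, sid, key):
        return self._value(self._table(sid)["base"], key)

    def get_uncommited(self, sid, key):
        return self._value(self._table(sid)["working"], key)

    @staticmethod
    def _value(instance, key):
        if key not in instance:
            raise StaticMapError(f"key {key!r} is not in the table")
        return instance[key]


def mmio_access_allowed(m, sid, addr, length):
    """Check modelled on the page's MMIO example: the driver with security ID
    sid may access [addr, addr + length) only if that range lies inside the
    committed region [mmio_base, mmio_base + mmio_size)."""
    try:
        base, size = m.get(sid, "mmio_base"), m.get(sid, "mmio_size")
    except StaticMapError:
        return DENIED
    return ALLOWED if base <= addr and addr + length <= base + size else DENIED


if __name__ == "__main__":
    m = StaticMap({"mmio_base": 0, "mmio_size": 0}, pool_size=1)
    drv = 42                             # constructed driver security ID
    m.init(drv)
    m.set(drv, "mmio_base", 0x1000)
    m.set(drv, "mmio_size", 0x100)
    print("before commit:", mmio_access_allowed(m, drv, 0x1010, 4))  # denied
    m.commit(drv)
    print("after commit: ", mmio_access_allowed(m, drv, 0x1010, 4))  # allowed
```

Running the script walks a constructed driver security ID through init, two set calls, a region check before commit and the same check after commit. The check is denied before the commit because get reads the base instance, which still holds the default values written by init; only after commit does the region written by set become visible to a policy that uses get. A policy that has to decide on values a set rule has just written must therefore either commit first or read them with get_uncommited.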
