KasperskyOS Community Edition 1.1
English

Contents

HashSet security model

The HashSet security model lets you associate resources with one-dimensional tables of unique values of the same type, add or delete these values, and check whether a defined value is in the table. For example, a process of the network server can be associated with the set of ports that this server is allowed to open. This association can be used to check whether the server is allowed to initiate the opening of a port.

A PSL file containing a description of the HashSet security model is located in the KasperskyOS SDK at the following path:

toolchain/include/nk/hashmap.psl

In this section

HashSet security model object

HashSet security model init rule

HashSet security model fini rule

HashSet security model add rule

HashSet security model remove rule

HashSet security model contains expression
Page top
[Topic ssp_descr_security_models_hashset]

HashSet security model object

To use the HashSet security model, you need to create an object or objects of this model.

A HashSet security model object contains a pool of one-dimensional tables of the same size intended for storing the values of one type. A resource can be associated with only one table from the tables pool of each HashSet security model object.

A HashSet security model object has the following parameters:

  • type Entry – type of values in tables (these can be integer types, Boolean type, and dictionaries and tuples based on integer types and the Boolean type).
  • config – configuration of the pool of tables:
    • set_size – size of the table.
    • pool_size – number of tables in the pool.

All parameters of a HashSet security model object are required.

Example:

policy object S : HashSet {

type Entry = UInt32

config =

{ set_size : 5

, pool_size : 2

}

}

A HashSet security model object can be covered by a security audit. There are no audit conditions specific to the HashSet security model.

It is necessary to create multiple objects of the HashSet security model in the following cases:

  • You need to configure a security audit differently for different objects of the HashSet security model (for example, you can apply different audit profiles or different audit configurations of the same profile for different objects).
  • You need to distinguish between calls of methods provided by different objects of the HashSet security model (audit data includes the name of the security model method and the name of the object that provides this method, so you can verify that the method of a specific object was called).
  • You need to use tables of different sizes and/or with different types of values.
Page top
[Topic ssp_descr_security_models_hashset_object]

HashSet security model init rule

init {sid : <Sid>}

It associates a free table from the tables pool with the sid resource. If the free table contains values after its previous use, these values are deleted.

It returns the "allowed" result if an association was created between the table and the sid resource.

It returns the "denied" result in the following cases:

  • There are no free tables in the pool.
  • The sid resource is already associated with a table from the tables pool of the HashSet security model object being used.
  • The sid value is outside of the permissible range.

Example:

/* A process of the Server class will be allowed to start if,

* at startup initiation, an association will be created

* between this process and the table. Otherwise the startup of a process of the

* Server class will be denied. */

execute dst=Server {

S.init {sid : dst_sid}

}

Page top
[Topic ssp_descr_security_models_hashset_init]

HashSet security model fini rule

fini {sid : <Sid>}

It deletes the association between the table and the sid resource (the table becomes free).

It returns the "allowed" result if the association between the table and the sid resource was deleted.

It returns the "denied" result in the following cases:

  • The sid resource is not associated with a table from the tables pool of the HashSet security model object being used.
  • The sid value is outside of the permissible range.
Page top
[Topic ssp_descr_security_models_hashset_fini]

HashSet security model add rule

add {sid : <Sid>, entry : <Entry>}

It adds the entry value to the table associated with the sid resource.

It returns the "allowed" result in the following cases:

  • The rule added the entry value to the table associated with the sid resource.
  • The table associated with the sid resource already contains the entry value.

It returns the "denied" result in the following cases:

  • The table associated with the sid resource is completely full.
  • The sid resource is not associated with a table from the tables pool of the HashSet security model object being used.
  • The sid value is outside of the permissible range.

Example:

/* A process of the Server class will receive the "allowed" decision from

* the Kaspersky Security Module by calling the

* Add security interface method if, when this method is called, the value

* 5 will be added to the table associated with this

* process, or is already in the table. Otherwise

* a process of the Server class will receive the "denied" decision from the

* security module by calling the

* Add security interface method. */

security src=Server, method=Add {

S.add {sid : src_sid, entry : 5}

}

Page top
[Topic ssp_descr_security_models_hashset_add]

HashSet security model remove rule

remove {sid : <Sid>, entry : <Entry>}

It deletes the entry value from the table associated with the sid resource.

It returns the "allowed" result in the following cases:

  • The rule deleted the entry value from the table associated with the sid resource.
  • The table associated with the sid resource does not contain the entry value.

It returns the "denied" result in the following cases:

  • The sid resource is not associated with a table from the tables pool of the HashSet security model object being used.
  • The sid value is outside of the permissible range.
Page top
[Topic ssp_descr_security_models_hashset_remove]

HashSet security model contains expression

contains {sid : <Sid>, entry : <Entry>}

It checks whether the entry value is in the table associated with the sid resource.

It returns a value of the Boolean type. If the entry value is in the table associated with the sid resource, it returns true. Otherwise it returns false.

It runs incorrectly in the following cases:

  • The sid resource is not associated with a table from the tables pool of the HashSet security model object being used.
  • The sid value is outside of the permissible range.

When the expression runs incorrectly, the Kaspersky Security Module returns the "denied" decision.

Example:

/* A process of the Server class will receive the "allowed" decision from

* the Kaspersky Security Module by calling the

* Check security interface method if the value 42 is in the table

* associated with this process. Otherwise a process of the

* Server class will receive the "denied" decision from the security module

/* by calling the Check security interface method. */

security src=Server, method=Check {

assert(S.contains {sid : src_sid, entry : 42})

}

Page top
[Topic ssp_descr_security_models_hashset_contains]