KasperskyOS Community Edition 1.1
English

Contents

StaticMap security model

The StaticMap security model lets you associate resources with two-dimensional "key–value" tables, read and modify the values of keys. For example, a process of the driver can be associated with the MMIO memory region that this driver is allowed to use. This will require two keys whose values define the starting address and the size of the MMIO memory region. This association can be used to check whether the driver can query the MMIO memory region that it is attempting to access.

Keys in the table have the same type but are unique and immutable. The values of keys in the table have the same type.

There are two simultaneous instances of the table: base instance and working instance. Both instances are initialized by the same data. Changes are made first to the working instance and then can be added to the base instance, or vice versa: the working instance can be changed by using previous values from the base instance. The values of keys can be read from the base instance or working instance of the table.

A PSL file containing a description of the StaticMap security model is located in the KasperskyOS SDK at the following path:

toolchain/include/nk/staticmap.psl

In this section

StaticMap security model object

StaticMap security model init rule

StaticMap security model fini rule

StaticMap security model set rule

StaticMap security model commit rule

StaticMap security model rollback rule

StaticMap security model get expression

StaticMap security model get_uncommited expression
Page top
[Topic ssp_descr_security_models_staticmap]

StaticMap security model object

To use the StaticMap security model, you need to create an object or objects of this model.

A StaticMap security model object contains a pool of two-dimensional "key–value" tables that have the same size. A resource can be associated with only one table from the tables pool of each StaticMap security model object.

A StaticMap security model object has the following parameters:

  • type Value – type of values of keys in tables (integer types are supported).
  • config – configuration of the pool of tables:
    • keys – table containing keys and their default values (keys have the Key = Text | List<UInt8> type).
    • pool_size – number of tables in the pool.

All parameters of a StaticMap security model object are required.

Example:

policy object M : StaticMap {

type Value = UInt16

config =

{ keys:

{ "k1" : 0

, "k2" : 1

}

, pool_size : 2

}

}

A StaticMap security model object can be covered by a security audit. There are no audit conditions specific to the StaticMap security model.

It is necessary to create multiple objects of the StaticMap security model in the following cases:

  • You need to configure a security audit differently for different objects of the StaticMap security model (for example, you can apply different audit profiles or different audit configurations of the same profile for different objects).
  • You need to distinguish between calls of methods provided by different objects of the StaticMap security model (audit data includes the name of the security model method and the name of the object that provides this method, so you can verify that the method of a specific object was called).
  • You need to use tables with different sets of keys and/or different types of key values.
Page top
[Topic ssp_descr_security_models_staticmap_object]

StaticMap security model init rule

init {sid : <Sid>}

It associates a free table from the tables pool with the sid resource. Keys are initialized by the default values.

It returns the "allowed" result if an association was created between the table and the sid resource.

It returns the "denied" result in the following cases:

  • There are no free tables in the pool.
  • The sid resource is already associated with a table from the tables pool of the StaticMap security model object being used.
  • The sid value is outside of the permissible range.

Example:

/* A process of the Server class will be allowed to start if,

* at startup initiation, an association will be created

* between this process and the table. Otherwise the startup of a process of the

* Server class will be denied. */

execute dst=Server {

M.init {sid : dst_sid}

}

Page top
[Topic ssp_descr_security_models_staticmap_init]

StaticMap security model fini rule

fini {sid : <Sid>}

It deletes the association between the table and the sid resource (the table becomes free).

It returns the "allowed" result if the association between the table and the sid resource was deleted.

It returns the "denied" result in the following cases:

  • The sid resource is not associated with a table from the tables pool of the StaticMap security model object being used.
  • The sid value is outside of the permissible range.
Page top
[Topic ssp_descr_security_models_staticmap_fini]

StaticMap security model set rule

set {sid : <Sid>, key : <Key>, value : <Value>}

It assigns the specified value to the specified key in the working instance of the table associated with the sid resource.

It returns the "allowed" result if the specified value was assigned to the specified key in the working instance of the table associated with the sid resource. (The current value of the key will be overwritten even if it is equal to the new value.)

It returns the "denied" result in the following cases:

  • The specified key is not in the table associated with the sid resource.
  • The sid resource is not associated with a table from the tables pool of the StaticMap security model object being used.
  • The sid value is outside of the permissible range.

Example:

/* A process of the Server class will receive the "allowed" decision from

* the Kaspersky Security Module by calling the

* Set security interface method if, when this method is called, the value 2

* will be assigned to key k1 in the working instance of the table

* associated with this process. Otherwise a process of the

* Server class will receive the "denied" decision from the security module

/* by calling the Set security interface method. */

security src=Server, method=Set {

M.set {sid : src_sid, key : "k1", value : 2}

}

Page top
[Topic ssp_descr_security_models_staticmap_set]

StaticMap security model commit rule

commit {sid : <Sid>}

It copies the values of keys from the working instance to the base instance of the table associated with the sid resource.

It returns the "allowed" result if the values of keys were copied from the working instance to the base instance of the table associated with the sid resource.

It returns the "denied" result in the following cases:

  • The sid resource is not associated with a table from the tables pool of the StaticMap security model object being used.
  • The sid value is outside of the permissible range.
Page top
[Topic ssp_descr_security_models_staticmap_commit]

StaticMap security model rollback rule

rollback {sid : <Sid>}

It copies the values of keys from the base instance to the working instance of the table associated with the sid resource.

It returns the "allowed" result if the values of keys were copied from the base instance to the working instance of the table associated with the sid resource.

It returns the "denied" result in the following cases:

  • The sid resource is not associated with a table from the tables pool of the StaticMap security model object being used.
  • The sid value is outside of the permissible range.
Page top
[Topic ssp_descr_security_models_staticmap_rollback]

StaticMap security model get expression

get {sid : <Sid>, key : <Key>}

It returns the value of the specified key from the base instance of the table associated with the sid resource.

It returns a value of the Value type.

It runs incorrectly in the following cases:

  • The specified key is not in the table associated with the sid resource.
  • The sid resource is not associated with a table from the tables pool of the StaticMap security model object being used.
  • The sid value is outside of the permissible range.

When the expression runs incorrectly, the Kaspersky Security Module returns the "denied" decision.

Example:

/* A process of the Server class will receive the "allowed" decision from

* the Kaspersky Security Module by calling the

* Get security interface method if the value of key k1 in the base

* instance of the table associated with this process

* is not zero. Otherwise a process of the Server class will receive

* the "denied" decision from the security module

* by calling the Get security interface method. */

security src=Server, method=Get {

assert(M.get {sid : src_sid, key : "k1"} != 0)

}

Page top
[Topic ssp_descr_security_models_staticmap_get]

StaticMap security model get_uncommited expression

get_uncommited {sid: <Sid>, key: <Key>}

It returns the value of the specified key from the working instance of the table associated with the sid resource.

It returns a value of the Value type.

It runs incorrectly in the following cases:

  • The specified key is not in the table associated with the sid resource.
  • The sid resource is not associated with a table from the tables pool of the StaticMap security model object being used.
  • The sid value is outside of the permissible range.

When the expression runs incorrectly, the Kaspersky Security Module returns the "denied" decision.

Page top
[Topic ssp_descr_security_models_staticmap_get_u]