Examples of binding security model methods to security events

Before analyzing examples, you need to become familiar with the Base security model.

Processing the initiation of process startups

/* Allow-all example: the KasperskyOS kernel and any process
 * in the solution is allowed to start any process.
 * No src or dst selector is given, so this binding does not
 * restrict which process starts which. The two bindings below
 * show how selectors narrow the rule to specific classes. */

execute { grant () }

/* The kernel is allowed to start a process
 * of the Einit class. */

execute src=kl.core.Core, dst=Einit { grant () }

/* An Einit-class process is allowed
 * to start any process in the solution
 * (only src is given, so the started process is not restricted). */

execute src=Einit { grant () }

Handling the startup of the KasperskyOS kernel

/* The KasperskyOS kernel is allowed to start.
 * This binding is needed so that the security module
 * can be notified of the kernel SID.
 * The kernel starts whether the solution security policy
 * allows or denies it; if the policy denies the startup,
 * the kernel terminates its execution after it has started. */

execute src=kl.core.Core, dst=kl.core.Core { grant () }

Handling IPC request forwarding

/* The bindings in this section are separate examples,
 * not one policy.
 * NOTE(review): several of them match the same event. For
 * example, a Ping request from Client to Server matches both
 * the deny binding and the Ping grant below. How the decisions
 * of several matching bindings are combined is not shown on
 * this page - check the PSL reference before combining them. */

/* Allow-all example: any client in the solution is allowed
 * to query any server and the KasperskyOS kernel.
 * No selector is given, so no IPC request is restricted. */

request { grant () }

/* A client of the Client class is allowed to query
 * any server in the solution and the kernel. */

request src=Client { grant () }

/* Any client in the solution is allowed to query
 * a server of the Server class. */

request dst=Server { grant () }

/* A client of the Client class is not allowed to
 * query a server of the Server class.
 * NOTE(review): the selectors here and in the next two
 * bindings are written without commas, while other examples
 * on this page separate them with commas - confirm which
 * form the PSL version in use accepts. */

request src=Client dst=Server { deny () }

/* A client of the Client class is allowed to
 * query a server of the Server class
 * by calling the Ping method of the net.Net endpoint. */

request src=Client dst=Server endpoint=net.Net method=Ping {

grant ()

}

/* Any client in the solution is allowed to query
 * a server of the Server class by calling the Send method
 * of the endpoint with the MessExch interface. */

request dst=Server interface=MessExch method=Send {

grant ()

}

Handling IPC response forwarding

/* A server of the Server class is allowed to respond to
 * queries of a Client-class client that
 * calls the Ping method of the net.Net endpoint.
 * For a response event, src is the responding server
 * and dst is the client that sent the query. */

response src=Server, dst=Client, endpoint=net.Net, method=Ping {

grant ()

}

/* The server containing the kl.drivers.KIDF component
 * that provides endpoints with the monitor interface is allowed to
 * respond to queries of a DriverManager-class client
 * that uses these endpoints.
 * No src selector is given, so the server is identified only
 * by the component and interface selectors.
 * NOTE(review): the selectors here are written without commas,
 * unlike the binding above - confirm which form the PSL
 * version in use accepts. */

response dst=DriverManager component=kl.drivers.KIDF interface=monitor {

grant ()

}

Handling the transmission of IPC responses containing error information

/* A server of the Server class is not allowed to notify a client
 * of the Client class of errors that occur
 * when the client queries the server by calling the
 * Ping method of the net.Net endpoint.
 * This binding covers only the error event; the request and the
 * ordinary response are separate event types with their own
 * bindings (see the request and response sections of this page). */

error src=Server, dst=Client, endpoint=net.Net, method=Ping {

deny ()

}

Handling queries sent by processes to the Kaspersky Security Module

/* A process of the Sdcard class receives the
 * "granted" decision from the Kaspersky Security Module
 * when it calls the Register method of the security interface.
 * (Uses the security interface defined
 * in the EDL description.) */

security src=Sdcard, method=Register {

grant ()

}

/* A process of the Sdcard class receives the "denied" decision
 * from the security module when it calls the Comp.Register method
 * of the security interface. (Uses the security interface
 * defined in the CDL description.) */

security src=Sdcard, method=Comp.Register {

deny ()

}

Using match sections

/* A client of the Client class is allowed to query
 * a server of the Server class by calling the Send
 * and Receive methods of the net endpoint.
 * The selectors on the request line apply to the whole binding;
 * each match section adds a further condition on the method.
 * NOTE(review): other methods of the net endpoint are covered
 * by no match section here, so presumably this binding does
 * not grant them - confirm against the PSL reference. */

request src=Client, dst=Server, endpoint=net {

match method=Send { grant () }

match method=Receive { grant () }

}

/* A client of the Client class is allowed to query
 * a server of the Server class by calling the Send
 * and Receive methods of the sn.Net endpoint and the Write and
 * Read methods of the sn.Storage endpoint.
 * Match sections are nested: the outer ones select the endpoint,
 * the inner ones select the method of that endpoint. */

request src=Client, dst=Server {

match endpoint=sn.Net {

match method=Send { grant () }

match method=Receive { grant () }

}

match endpoint=sn.Storage {

match method=Write { grant () }

match method=Read { grant () }

}

}

Setting audit profiles

/* Set the audit profile named global as the default profile,
 * with an initial audit runtime level of 0.
 * The profiles global, parent and child used in this example
 * are not declared here; they are assumed to be defined
 * elsewhere in the policy description. */

audit default = global 0

request src=Client, dst=Server {

/* Set the parent audit profile at the level of
 * the binding of security model methods to
 * security events. */

audit parent

match endpoint=net.Net, method=Send {

/* Set the child audit profile at the
 * match section level; it applies to this
 * match section only. */

audit child

grant ()

}

/* This match section sets no profile of its own,
 * so the parent audit profile applies to it. */

match endpoint=net.Net, method=Receive {

grant ()

}

}

/* This binding of the security model method
 * to the security event sets no audit profile,
 * so it uses the default (global) audit profile.
 * NOTE(review): for a response event src is the responding
 * side, so here a Client-class process answers a Server-class
 * process - the reverse of the request binding above.
 * Confirm that this direction is intended. */

response src=Client, dst=Server {

grant ()

}
