Example descriptions of basic security policies for KasperskyOS-based solutions

Before analyzing examples, you need to become familiar with the Struct, Base and Flow security models.

Example 1

The solution security policy in this example allows any interaction between different processes of the Client, Server and Einit classes, and between these processes and the KasperskyOS kernel. The "granted" decision will always be received when these processes query the Kaspersky Security Module. This policy can be used only as a stub during the early stages of development of a KasperskyOS-based solution so that the Kaspersky Security Module does not interfere with interactions. It would be unacceptable to apply such a policy in a real-world KasperskyOS-based solution.

security.psl

execute: kl.core.Execute

use nk.base._

use EDL Einit

use EDL Client

use EDL Server

use EDL kl.core.Core

execute { grant () }

request { grant () }

response { grant () }

error { grant () }

security { grant () }

Example 2

The solution security policy in this example imposes limitations on queries sent from clients of the FsClient class to servers of the FsDriver class. When a client opens a resource controlled by a server of the FsDriver class, a finite-state machine in the unverified state is associated with this resource. A client of the FsClient class is allowed to read data from a resource controlled by a server of the FsDriver class only if the finite-state machine associated with this resource is in the verified state. To switch a resource-associated finite-state machine from the unverified state to the verified state, a process of the FsVerifier class needs to query the Kaspersky Security Module.

In a real-world KasperskyOS-based solution, this policy cannot be applied because it allows an excessive variety of interactions between different processes and between processes and the KasperskyOS kernel.

security.psl

execute: kl.core.Execute

use nk.base._

use nk.flow._

use nk.basic._

policy object file_state : Flow {

type States = "unverified" | "verified"

config = {

states : ["unverified" , "verified"],

initial : "unverified",

transitions : {

"unverified" : ["verified"],

"verified" : []

}

}

}

execute { grant () }

request { grant () }

response { grant () }

use EDL kl.core.Core

use EDL Einit

use EDL FsClient

use EDL FsDriver

use EDL FsVerifier

response src=FsDriver, endpoint=operationsComp.operationsImpl, method=Open {

file_state.init {sid: message.handle.handle}

}

request src=FsClient, dst=FsDriver, endpoint=operationsComp.operationsImpl, method=Read {

file_state.allow {sid: message.handle.handle, states: ["verified"]}

}

security src=FsVerifier, method=Approve {

file_state.enter {sid: message.handle.handle, state: "verified"}

}

Page top