Describing entities' interfaces (EDL, CDL, IDL)

To control interactions between entities, the structure of the sent IPC messages must be transparent to the security module. In KasperskyOS, this is achieved using a static declaration of entities' interfaces. Special languages are used for this: Entity Definition Language (EDL), Component Definition Language (CDL) and Interface Definition Language (IDL). If an IPC message does not match an interface description, it will be rejected by the security module.

An entity's interface description defines the allowed IPC message structures. This creates a clear link between the implementation of each method and how that method is represented for the security module. Nearly every build tool uses entities' interface descriptions either explicitly or implicitly.

Types of static descriptions

A description of entities' interfaces is built using an "entity-component-interface" model:

Example

Below are static declarations of a solution consisting of a Client entity that does not implement any interfaces, and a Server entity that implements the FileOps interface.

Client.edl

    // The static description consists of only the entity's name
    entity Client

Server.edl

    // The Server entity contains an instance of the Operations component
    entity Server
    components {
        OpsComp: Operations
    }

Operations.cdl

    // The Operations component implements the FileOps interface
    component Operations
    interfaces {
        FileOpsImpl: FileOps
    }

FileOps.idl

    package FileOps

    // Declaration of the String user type
    typedef array <UInt8, 256> String;

    // The FileOps interface contains a single Open method with a 'name' input argument and 'h' output argument
    interface {
        Open(in String name, out UInt32 h);
    }
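
As an added illustration (not KasperskyOS code and not part of the original documentation), the following Python sketch models how the declarations above let a checker walk the entity-component-interface chain and reject a request that does not match a declared interface. The dict-based message, the dotted endpoint path, the treatment of array <UInt8, 256> as exactly 256 bytes, and all function names are assumptions of this model.

```python
# Conceptual model only (assumption): not KasperskyOS code or its wire format.
# Declarations transcribed from Client.edl, Server.edl, Operations.cdl, FileOps.idl above.
ENTITIES = {"Client": {}, "Server": {"OpsComp": "Operations"}}
COMPONENTS = {"Operations": {"FileOpsImpl": "FileOps"}}
INTERFACES = {"FileOps": {"Open": {"in": [("name", ("array", "UInt8", 256))],
                                   "out": [("h", ("UInt32",))]}}}

def fits(value, typ):
    """True if value fits the declared type (only the types used above)."""
    if typ[0] == "UInt32":
        return type(value) is int and 0 <= value < 2**32
    if typ[:2] == ("array", "UInt8"):
        # Assumption of this model: an array has exactly the declared length.
        return isinstance(value, (bytes, bytearray)) and len(value) == typ[2]
    return False

def check_request(entity, endpoint, method, args):
    """Return (allowed, reason) for a request to entity's endpoint and method."""
    comp_inst, _, iface_inst = endpoint.partition(".")
    component = ENTITIES.get(entity, {}).get(comp_inst)
    if component is None:
        return False, "component instance not declared in entity"
    iface = COMPONENTS[component].get(iface_inst)
    if iface is None:
        return False, "interface instance not declared in component"
    sig = INTERFACES[iface].get(method)
    if sig is None:
        return False, "method not declared in interface"
    if set(args) != {name for name, _ in sig["in"]}:
        return False, "arguments do not match declared input arguments"
    for name, typ in sig["in"]:
        if not fits(args[name], typ):
            return False, f"argument '{name}' does not fit declared type"
    return True, "ok"

def as_string(text):
    """Pack text into the 256-byte String typedef, zero padded."""
    raw = text.encode()
    if len(raw) > 256:
        raise ValueError("name longer than String allows")
    return raw.ljust(256, b"\0")

if __name__ == "__main__":
    ok = {"name": as_string("/etc/hosts")}  # constructed sample input
    print(check_request("Server", "OpsComp.FileOpsImpl", "Open", ok))
    print(check_request("Server", "OpsComp.FileOpsImpl", "Delete", ok))
    print(check_request("Server", "OpsComp.FileOpsImpl", "Open", {"name": b"A" * 300}))
```
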

For more details, refer to Syntax of static declarations.
