Introduction to security

Elements of the security policy

The security policy for a computing system describes the relationships among five elements. The first two elements are the subjects and objects on a computer system that interact with each other.

Subjects cause information to flow among objects or they change the system status. A process is represented on the system as a subject when it requests an action.
Objects are those parts of a computing system that contain or receive information. Examples of objects are data files, program files, directories, named pipes (also referred to as FIFOs), unnamed pipes, symbolic links, memory, terminals, lineprinters, disks, tapes, and, when they receive information, processes.

Typical interactions are for subjects to create, read, or write objects. Note that a process may be a subject or an object, depending on whether it's requesting an action or receiving information, respectively.

The remaining three elements of the security policy define the ways in which subjects and objects interact. These elements are ``access attributes'', ``access rules,'' and ``privileges''.

The access attributes of a subject or an object define its position within the classification scheme that the system uses to segregate computer users and information on the computer system.
The access rules embody the policy that segregates information for the system. The system determines whether a subject can access a given object by comparing the access attributes of the subject with the access attributes that are required to access the object. Only if a subject passes all relevant access checks can it access an object.
Privileges determine a subject's ability to perform certain restricted system calls, commands, and functions. Privileges also allow some processes to override access checks while performing some system calls.

The security policy of UnixWare prescribes a relationship between access rules and access attributes. The access attributes allow the system to define several distinct modes of authorization, and the access rules provide the mechanism for the system to prevent unauthorized access to sensitive information.

In enforcing the security policy, the system assigns access attributes to subjects and objects and then uses the access rules to ensure that subjects do not access objects for which the subjects do not have the proper access attributes.

The system further restricts the use of certain commands and system calls to subjects (processes) that have the proper privileges.