Elements of the security policy
The security policy for a computing system
describes the relationships
among five elements.
The first two elements are the subjects
and objects on a computer system
that interact with each other.
- Subjects cause information to flow among objects or they
  change the system status.
  A process is represented on the system as a subject
  when it requests an action.
- Objects are those parts of a computing system that
  contain or receive information.
  Examples of objects are data files, program files, directories,
  named pipes (also referred to as FIFOs), unnamed pipes,
  symbolic links, memory, terminals, lineprinters, disks, tapes,
  and, when they receive information, processes.
Typical interactions are for subjects
to create, read, or write objects.
Note that a process may be a subject or an object,
depending on whether it's requesting
an action or receiving information, respectively.
The remaining three elements of the security policy
define the ways in which subjects
and objects interact.
These elements are
"access attributes", "access rules",
and "privileges".
- The access attributes of a subject or an object define its
  position within the classification scheme
  that the system uses to segregate
  computer users and information on the computer system.
- The access rules embody the policy that segregates information
  for the system.
  The system determines
  whether a subject can access a given object by comparing
  the access attributes of the subject with the access attributes
  that are required to access the object.
  Only if a subject passes all relevant access checks can it access
  an object.
- Privileges determine a subject's ability to perform certain
  restricted system calls, commands, and functions.
  Privileges also allow some processes to override access
  checks while performing some system calls.
The security policy of UnixWare
prescribes a
relationship between access rules and access attributes.
The access attributes allow
the system to define several distinct modes of authorization,
and the access rules provide the mechanism for the
system to prevent unauthorized access to sensitive information.
In enforcing the security policy,
the system assigns access attributes to subjects and objects
and then uses the access rules to
ensure that subjects do not access objects for which
the subjects do not have the proper access attributes.
The system further restricts the use of certain commands and system
calls to subjects (processes) that have the proper privileges.
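
The access decision described above, sketched in C as an added example (this is not UnixWare code). The two checks, the attribute fields, and the PRIV_SKIP_* privilege names are assumptions made for illustration; the page does not define them.

```c
/* Constructed model: attribute fields, the two access rules and the
   privilege bits are assumptions, not UnixWare's actual definitions. */
#include <stdbool.h>
#include <stdio.h>

enum { ACC_READ = 1, ACC_WRITE = 2 };               /* requested access */
enum { PRIV_SKIP_OWNER = 1, PRIV_SKIP_LEVEL = 2 };  /* hypothetical privileges */

struct subject { int uid; int level; unsigned privs; };
struct object  { int owner; unsigned owner_mode, other_mode; int level; };

/* Access rule 1: permission bits selected by owner vs. everyone else. */
static bool owner_check(const struct subject *s, const struct object *o, unsigned want)
{
    unsigned granted = (s->uid == o->owner) ? o->owner_mode : o->other_mode;
    return (granted & want) == want;
}

/* Access rule 2: classification level. Reading needs subject >= object;
   writing needs equal levels so information cannot flow downward. */
static bool level_check(const struct subject *s, const struct object *o, unsigned want)
{
    if ((want & ACC_WRITE) && s->level != o->level) return false;
    if ((want & ACC_READ) && s->level < o->level) return false;
    return true;
}

/* Access is granted only if every rule passes. A privilege overrides
   exactly one rule; it never short-circuits the whole decision. */
bool may_access(const struct subject *s, const struct object *o, unsigned want)
{
    bool owner_ok = (s->privs & PRIV_SKIP_OWNER) || owner_check(s, o, want);
    bool level_ok = (s->privs & PRIV_SKIP_LEVEL) || level_check(s, o, want);
    return owner_ok && level_ok;
}

int main(void)
{
    struct object payroll = { .owner = 100, .owner_mode = ACC_READ | ACC_WRITE,
                              .other_mode = 0, .level = 2 };
    struct subject owner_low  = { .uid = 100, .level = 1, .privs = 0 };
    struct subject backup     = { .uid = 7, .level = 2, .privs = PRIV_SKIP_OWNER };
    struct subject backup_low = { .uid = 7, .level = 1, .privs = PRIV_SKIP_OWNER };
    printf("owner at lower level reads: %d\n", may_access(&owner_low, &payroll, ACC_READ));
    printf("privileged backup reads:    %d\n", may_access(&backup, &payroll, ACC_READ));
    printf("privileged backup, level 1: %d\n", may_access(&backup_low, &payroll, ACC_READ));
    return 0;
}
```

Owning an object is not enough when the level check fails, and a privilege that overrides one check leaves the other in force.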
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004