How the components of the system work together
The system must be able to account for any security-relevant actions taken by itself on behalf of users on the system. To ensure accountability, the system must perform stringent authentication and identification procedures. The ability to audit security-relevant system events, through the installation of the Auditing Set, is also important. In general, the steps in assuring security are as follows:
- You identify and verify yourself to the system via the Identification and Authentication mechanisms. You are prompted to identify yourself by supplying your login name, and the system authenticates you using the password that you supply.
- You establish a process on the operating system. This will normally be running an interactive program known as the shell.
  For every object you attempt to access, the system uses your identity to make access control decisions via the Discretionary Access Control Mechanism. You may create new processes; each new process inherits the identity of the process that created it. In this way, accountability for the actions performed by a process is preserved. You may also create new objects. Permissions are placed on these objects in a well-defined manner. You may also change the permissions on objects that you own. Some executable files may temporarily change your identity for access control purposes. For example, the ps(1) command does this to allow you to see a complete list of all the processes running on a system at a specific time.
- Process privileges, if granted to you by the system, allow you to override system restrictions. For example, you may have privilege to change your identity for access control purposes.
- Your process or processes invoke the available system calls, which in turn call routines in one of the seven subsystems in the kernel.
- The audit subsystem, if installed, keeps track of sensitive operations and who performs them. It will track your activities from the point you log in until your last process finishes and exits.
- Once you have finished your work, all of your processes terminate, and you exit the system.
As the items in this list demonstrate, the system establishes a chain of control to ensure security. You must access the login and password verification mechanisms in order to create a process on the system. Then, that process and all the processes it spawns must pass access checks before accessing an object. These checks are made for each access attempt. Any task that requires privileges to override access checks must be done via the Process Privilege mechanism, which is under the control of the system. Finally, sensitive operations can be monitored by the audit subsystem. Thus, the chain of secure accountability is maintained.

See "Overview of the auditing subsystem" for more information on the auditing subsystem.
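
The identity inheritance and the temporary identity change described in the list above can be observed from user space. The following is an added example, not part of the original documentation: it uses only standard POSIX calls, and the names child_inherits_identity and has_set_id_bit are hypothetical helpers chosen for illustration.

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <stdio.h>
#include <unistd.h>

struct ident { uid_t ruid, euid; gid_t rgid, egid; };

static void current_ident(struct ident *id) {
    id->ruid = getuid();  id->euid = geteuid();
    id->rgid = getgid();  id->egid = getegid();
}

/* Fork a child that reports its real and effective IDs over a pipe.
 * Returns 1 if they match the parent's, 0 if they differ, -1 on error. */
int child_inherits_identity(void) {
    int fds[2], status;
    struct ident parent, child;
    if (pipe(fds) == -1) return -1;
    current_ident(&parent);
    pid_t pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                       /* child: new process, same identity */
        close(fds[0]);
        current_ident(&child);
        _exit(write(fds[1], &child, sizeof child) == (ssize_t)sizeof child ? 0 : 1);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], &child, sizeof child);
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 || n != (ssize_t)sizeof child) return -1;
    return parent.ruid == child.ruid && parent.euid == child.euid &&
           parent.rgid == child.rgid && parent.egid == child.egid;
}

/* Returns 1 if `path` carries the set-user-ID or set-group-ID mode bit (the
 * bits that let an executable run under its owner's or group's identity),
 * 0 if it carries neither, -1 if stat() fails. */
int has_set_id_bit(const char *path) {
    struct stat st;
    if (stat(path, &st) == -1) return -1;
    return (st.st_mode & (S_ISUID | S_ISGID)) != 0;
}

int main(int argc, char **argv) {
    printf("child inherits identity: %d\n", child_inherits_identity());
    for (int i = 1; i < argc; i++)        /* paths supplied by the caller */
        printf("%s set-ID bit: %d\n", argv[i], has_set_id_bit(argv[i]));
    return 0;
}
```

Pass the paths of executables to inspect as arguments; an administrator can use the same check to inventory which files on a system are able to change a process's identity.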
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004