Access control

The OS kernel is an access control monitor (a reference monitor).

  • Controls all interactions of subjects with protected objects.

Objects

  • Hardware.

  • Entities of the computational model (files, processes, memory areas, sockets).

Subjects

  • Usually local processes.

    • Through the system call API.

    • A system call (or syscall) is not an ordinary function call: it traps into the kernel, which validates the request before executing it in privileged mode.

  • But also messages from other hosts (e.g. network packets, which the kernel receives and checks before delivering them).
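The following program is an added example, not part of the original notes, showing why a syscall is not an ordinary function call. It hands write(2) a pointer into an address the process cannot read. A library function that dereferenced that pointer would crash the process with SIGSEGV; the kernel, sitting behind the syscall boundary, validates the argument first and refuses the request with EFAULT. It assumes a Linux/POSIX system where low addresses are unmapped.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Added example, not from the original notes. A syscall is a controlled
 * entry into the kernel: the kernel checks the arguments before acting on
 * them, instead of trusting the caller the way a plain function call does.
 * Assumes a Linux/POSIX system where the first page of memory is unmapped. */

/* Calls write(2) on a fresh pipe with a deliberately invalid user pointer.
 * Returns the errno the kernel reported (expected EFAULT), or 0 if the
 * write unexpectedly succeeded. */
int write_from_bad_pointer(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return errno;

    const char *bad = (const char *)8;   /* unmapped low address (assumption) */
    ssize_t n = write(fds[1], bad, 1);
    int err = (n < 0) ? errno : 0;

    close(fds[0]);
    close(fds[1]);
    return err;
}

/* Same call with a valid buffer, for contrast: the monitor lets it through.
 * Returns 0 on success, otherwise the errno. */
int write_from_good_pointer(void)
{
    int fds[2];
    if (pipe(fds) != 0)
        return errno;

    ssize_t n = write(fds[1], "x", 1);
    int err = (n < 0) ? errno : 0;

    close(fds[0]);
    close(fds[1]);
    return err;
}

int main(void)
{
    int err = write_from_bad_pointer();
    printf("write() from invalid pointer: %s\n", err ? strerror(err) : "succeeded");
    err = write_from_good_pointer();
    printf("write() from valid pointer: %s\n", err ? strerror(err) : "succeeded");
    return 0;
}
```

The process survives the bad call because the fault happens on the kernel side of the boundary, where it is caught and turned into an error code; the same dereference in user-mode code would terminate the process.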

Mandatory access controls

OS kernels enforce many mandatory access control policies.

  • They are part of the computational model logic.

  • They cannot be overruled, not even by administrators.

    • Unless they change the OS kernel behaviour (e.g. by loading a kernel module or booting a modified kernel).

Examples:

  • The kernel runs in CPU-privileged modes, user applications run in non-privileged modes.

  • Separation of virtual memory areas.

  • Inter-process signalling.

  • Interpretation of files’ access control protections.

Protection with ACLs (Access Control Lists)

Each object has an ACL.

  • It says which subjects can do what.

An ACL can be discretionary or mandatory.

  • When mandatory, it cannot be modified, not even by the object's owner or by an administrator.

  • When discretionary, it can be tailored by the object's owner.

An ACL is checked when an activity, on behalf of a subject, wants to manipulate the object.

  • If the manipulation request is not authorized by the ACL, the access is denied.

  • The OS kernel is responsible for enforcing ACL-based protection.
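The following toy reference monitor is an added example, not code from the original notes. It illustrates both points above: every access goes through a single check that denies by default, and a discretionary ACL can be tailored by its owner while a mandatory one refuses changes from everyone, the administrator included. Subject ids, object names and the permission encoding are assumptions chosen for the example.

```c
#include <stdio.h>

/* Added example, not part of the original notes: an in-memory ACL monitor.
 * Subject ids (uids), object names and the permission bits are assumptions. */

#define PERM_READ  0x4u   /* same encoding as the POSIX rwx bits */
#define PERM_WRITE 0x2u
#define PERM_EXEC  0x1u

#define MAX_ACE  8
#define ROOT_UID 0u       /* assumed administrator identity */

struct ace { unsigned subject; unsigned perms; };

struct acl {
    struct ace entries[MAX_ACE];
    int count;
    int mandatory;        /* 1: fixed by the kernel, nobody may edit it */
};

struct object {
    const char *name;
    unsigned owner;
    struct acl acl;
};

/* Reference-monitor check, run on every access: deny by default, allow only
 * if an entry for this subject covers every requested bit.
 * Returns 1 = allow, 0 = deny. */
int acl_check(const struct object *o, unsigned subject, unsigned want)
{
    for (int i = 0; i < o->acl.count; i++) {
        const struct ace *e = &o->acl.entries[i];
        if (e->subject == subject && (e->perms & want) == want)
            return 1;
    }
    return 0;
}

/* Tailor an ACL. A discretionary ACL may be changed by the object's owner
 * or by root; a mandatory ACL refuses every change, root included.
 * Returns 0 on success, -1 if the change is not allowed or the list is full. */
int acl_grant(struct object *o, unsigned requester, unsigned subject, unsigned perms)
{
    if (o->acl.mandatory)
        return -1;
    if (requester != o->owner && requester != ROOT_UID)
        return -1;
    for (int i = 0; i < o->acl.count; i++) {
        if (o->acl.entries[i].subject == subject) {
            o->acl.entries[i].perms |= perms;
            return 0;
        }
    }
    if (o->acl.count == MAX_ACE)
        return -1;
    o->acl.entries[o->acl.count].subject = subject;
    o->acl.entries[o->acl.count].perms = perms;
    o->acl.count++;
    return 0;
}

/* Two constructed objects: a user's file with a discretionary ACL, and a
 * kernel-owned memory area with a mandatory, empty ACL (no user-mode
 * subject may touch it, and nobody may open it up). */
static struct object user_file = {
    .name = "report.txt",
    .owner = 1000u,
    .acl = { .entries = { { 1000u, PERM_READ | PERM_WRITE } }, .count = 1, .mandatory = 0 },
};

static struct object kernel_memory = {
    .name = "kernel_memory",
    .owner = ROOT_UID,
    .acl = { .count = 0, .mandatory = 1 },
};

int main(void)
{
    printf("uid 1001 reads %s: %s\n", user_file.name,
           acl_check(&user_file, 1001u, PERM_READ) ? "allow" : "deny");
    acl_grant(&user_file, 1000u, 1001u, PERM_READ);   /* owner tailors the ACL */
    printf("after owner grant: %s\n",
           acl_check(&user_file, 1001u, PERM_READ) ? "allow" : "deny");
    printf("root edits %s ACL: %s\n", kernel_memory.name,
           acl_grant(&kernel_memory, ROOT_UID, ROOT_UID, PERM_WRITE) == 0 ? "ok" : "refused");
    printf("root writes %s: %s\n", kernel_memory.name,
           acl_check(&kernel_memory, ROOT_UID, PERM_WRITE) ? "allow" : "deny");
    return 0;
}
```

The two design choices worth noticing are the deny-by-default loop in acl_check, so an object with no matching entry is unreachable rather than open, and the mandatory flag being tested before the ownership test in acl_grant, so the administrator exception never applies to a mandatory list.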
