Access control
The OS kernel is an access control monitor.
Controls all interactions of subjects with protected objects.
Objects
Hardware.
Entities of the computational model.
Subjects
Usually local processes.
Through the system call API.
A system call (or syscall) is not an ordinary function call.
But also messages from other hosts.
Mandatory access controls
OS kernels have plenty of mandatory access control policies.
They are part of the computational model logic.
They cannot be overruled, not even by administrators.
Unless they change the OS kernel behaviour itself.
Examples:
The kernel runs in CPU-privileged modes, user applications run in non-privileged modes.
Separation of virtual memory areas.
Inter-process signalling.
Interpretation of files’ access control protections.
Protection with ACLs (Access Control Lists)
Each object has an ACL.
It says which subjects can do what.
An ACL can be discretionary or mandatory.
When mandatory it cannot be modified.
When discretionary it can be tailored.
An ACL is checked when an activity, on behalf of a subject, wants to manipulate the object.
If the manipulation request is not authorized by the ACL, the access is denied.
The OS kernel is responsible for enforcing ACL-based protection.
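A small reference-monitor model of the ACL checks described above, added here as an example (it is not code from the original slides): objects carry an ACL, every access is checked against it and denied by default, the owner may tailor discretionary entries, and mandatory entries cannot be replaced by anyone. Object names, subjects and rights are constructed.

```python
from dataclasses import dataclass

READ, WRITE = "read", "write"

@dataclass
class AclEntry:
    subject: str             # subject name, or "*" for any subject
    rights: frozenset        # operations this entry authorizes
    mandatory: bool = False  # True: fixed kernel policy, not tailorable by anyone

class ReferenceMonitor:
    """Kernel-side monitor: every access and every ACL change passes through it."""
    def __init__(self):
        self.objects = {}    # object name -> (owner, acl)

    def create(self, name, owner, entries):
        self.objects[name] = (owner, list(entries))

    def check(self, subject, name, op):
        """Deny by default: allow only if an entry for this subject grants op."""
        _, acl = self.objects[name]
        return any(e.subject in (subject, "*") and op in e.rights for e in acl)

    def set_entry(self, requester, name, entry):
        """Discretionary tailoring: only the owner, and never over a mandatory entry."""
        owner, acl = self.objects[name]
        if requester != owner:
            return False
        for i, e in enumerate(acl):
            if e.subject == entry.subject:
                if e.mandatory:
                    return False     # mandatory entry: cannot be overruled, not even by the owner
                acl[i] = entry
                return True
        acl.append(entry)
        return True

def demo():
    """Constructed scenario: a locked system file and a user-owned file."""
    rm = ReferenceMonitor()
    rm.create("/etc/shadow", "root", [AclEntry("root", frozenset({READ, WRITE}), True),
                                      AclEntry("*", frozenset(), True)])  # deny-all for everyone else, locked
    rm.create("/home/alice/notes.txt", "alice", [AclEntry("alice", frozenset({READ, WRITE}))])
    return {  # values are evaluated in order, so later checks see earlier ACL changes
        "alice_reads_shadow": rm.check("alice", "/etc/shadow", READ),                                       # False
        "root_reads_shadow": rm.check("root", "/etc/shadow", READ),                                         # True
        "bob_reads_notes_before": rm.check("bob", "/home/alice/notes.txt", READ),                           # False
        "alice_grants_bob": rm.set_entry("alice", "/home/alice/notes.txt", AclEntry("bob", frozenset({READ}))),  # True
        "bob_reads_notes_after": rm.check("bob", "/home/alice/notes.txt", READ),                            # True
        "bob_grants_self_write": rm.set_entry("bob", "/home/alice/notes.txt", AclEntry("bob", frozenset({WRITE}))),  # False: not owner
        "root_relaxes_shadow": rm.set_entry("root", "/etc/shadow", AclEntry("*", frozenset({READ}))),      # False: mandatory
    }
```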