The ping example demonstrates the use of a solution security policy to control interactions between programs.
The ping example includes four programs: Client, Server, KlogEntity and KlogStorageEntity.
The Server program provides two identical Ping and Pong methods that receive a number and return a modified number:
Ping(in UInt32 value, out UInt32 result);
Pong(in UInt32 value, out UInt32 result);
The Client program calls both of these methods in a different sequence. If the method call is denied by the solution security policy, a message regarding the failed call attempt is displayed.
The system programs KlogEntity and KlogStorageEntity perform a security audit.
The transport part of the ping example is virtually identical to its counterpart in the echo example. The only difference is that the ping example uses two methods (Ping and Pong) instead of just one.
Solution security policy in the ping example
The solution security policy in this example allows startup of the KasperskyOS kernel and the Einit program, which is allowed to start all programs in the solution. Queries to the Server program are managed by methods of the Flow security model.
The finite-state machine described in the configuration of the request_state Flow security model object has two states: not_sent and sent. The initial state is not_sent. Only transitions from not_sent to sent and vice versa are allowed.
When the Ping and Pong methods are called, the current state of the request_state object is checked. In the not_sent state, only a Ping call is allowed, in which case the state changes to sent. Likewise, in the sent state, only a Pong call is allowed, in which case the state changes to not_sent.
Therefore, the Ping and Pong methods can be called only in succession.
Fragment of the security.psl file
/* Solution security policy for demonstrating use of the
 * Flow security model in the ping example */

/* Include PSL files containing formal representations of
 * Base and Flow security models */
use nk.base._
use nk.flow._

/* Including EDL files */
use EDL Einit
use EDL ping.Client
use EDL ping.Server

/* Create Flow security model object */
policy object request_state : Flow {
    type States = "not_sent" | "sent"
    config = {
        states : [ "not_sent", "sent" ],
        initial : "not_sent",
        transitions : {
            "not_sent" : [ "sent" ],
            "sent" : [ "not_sent" ]
        }
    }
}

/* When the Einit program starts the Server program,
 * the initial state is set for the finite-state machine */
execute src=Einit dst=ping.Server method=main {
    request_state.init { sid: dst_sid }
}

/* When a client of the ping.Client class calls the Ping method of the controlimpl.connectionimpl endpoint
 * of a server of the ping.Server class, the system checks whether the request_state object is
 * in the "not_sent" state. If it is, receipt of the request is allowed and
 * the request_state object is set to the "sent" state. */
request src=ping.Client dst=ping.Server endpoint=controlimpl.connectionimpl method=Ping {
    request_state.allow { sid: dst_sid, states: [ "not_sent" ] }
    request_state.enter { sid: dst_sid, state: "sent" }
}

/* When a client of the ping.Client class calls the Pong method of the controlimpl.connectionimpl endpoint
 * of a server of the ping.Server class, the system checks whether the request_state object is
 * in the "sent" state. If it is, receipt of the request is allowed and
 * the request_state object is set to the "not_sent" state. */
request src=ping.Client dst=ping.Server endpoint=controlimpl.connectionimpl method=Pong {
    request_state.allow { sid: dst_sid, states: [ "sent" ] }
    request_state.enter { sid: dst_sid, state: "not_sent" }
}

/* A server of the ping.Server class is allowed to respond to queries from a client of the ping.Client class
 * that calls the Ping and Pong methods of the controlimpl.connectionimpl endpoint. */
response src=ping.Server dst=ping.Client endpoint=controlimpl.connectionimpl {
    match method=Ping { grant () }
    match method=Pong { grant () }
}
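The following Python model is an added example, not part of the KasperskyOS ping example or its documentation. It replays call sequences against the request_state configuration and the two request rules above, assuming a rule grants only when both allow and enter succeed; the Flow class, RULES table, decide and run are illustrative names.

```python
# Model (added illustration, not KasperskyOS code) of the request_state Flow
# object and the Ping/Pong request rules from the security.psl fragment.
CONFIG = {
    "states": ["not_sent", "sent"],
    "initial": "not_sent",
    "transitions": {"not_sent": ["sent"], "sent": ["not_sent"]},
}

# Per method: (states accepted by allow, state passed to enter).
RULES = {"Ping": (["not_sent"], "sent"), "Pong": (["sent"], "not_sent")}


class Flow:
    """One finite-state machine per resource, keyed by SID (dst_sid in the policy)."""

    def __init__(self, config):
        self.config = config
        self.state = {}

    def init(self, sid):
        self.state[sid] = self.config["initial"]

    def allow(self, sid, states):
        return self.state.get(sid) in states

    def enter(self, sid, state):
        # Assumption: enter grants only if the configured transitions permit it.
        if state not in self.config["transitions"].get(self.state.get(sid), []):
            return False
        self.state[sid] = state
        return True


def decide(flow, sid, method):
    """Assumption: a rule grants only when every call in its body grants."""
    allowed_states, next_state = RULES[method]
    if flow.allow(sid, allowed_states) and flow.enter(sid, next_state):
        return "granted"
    return "denied"


def run(calls, sid="server"):
    """Replay a call sequence; return (method, decision, state after the call)."""
    flow = Flow(CONFIG)
    flow.init(sid)  # mirrors the execute rule that starts ping.Server
    return [(m, decide(flow, sid, m), flow.state[sid]) for m in calls]


if __name__ == "__main__":  # constructed call sequence with two repeated calls
    print(*run(["Ping", "Pong", "Ping", "Ping", "Pong", "Pong"]), sep="\n")
```

A denied call leaves the state unchanged, so the next call in the correct order is still granted.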
The security policy description in the ping example also contains a section for solution security policy tests.
For an example of such a policy, see the "Example 2" section in "Examples of tests for KasperskyOS-based solution security policies".
The full security policy description for the ping example is located in the security.psl.in and core.psl files at the following path: /opt/KasperskyOS-Community-Edition-<version>/examples/ping/einit/src.
Example files
The code of the example and build scripts are available at the following path:
/opt/KasperskyOS-Community-Edition-<version>/examples/ping
Building and running example
See the "Building and running examples" section.