Controlling interactions between entities
All interactions between entities are controlled by a separate subsystem called Kaspersky Security System, which consists of a security module.
When the client entity sends a request to the server entity, the kernel forwards the request to the security module so that it can be checked. This subsystem checks whether the request structure matches the called method and that the request is permissible according to the implemented security model described using security policies.
A security policy is a specific rule for checking the permissibility of an event. For more details, refer to Security policies.
The server will receive the request only if Kaspersky Security System returns an "allowed" decision:
The response sent by the server to the client undergoes a similar check by Kaspersky Security System:
Consequently, a method of a different entity can be successfully called only if the following conditions are met:
- The request and response have the correct structure.
- The request and response are allowed by security policies.