ping example

The ping example demonstrates the use of a solution security policy to control interactions between programs.

The ping example includes four programs: Client, Server, KlogEntity and KlogStorageEntity.

The Server program provides two identical Ping and Pong methods that receive a number and return a modified number:

Ping(in UInt32 value, out UInt32 result);

Pong(in UInt32 value, out UInt32 result);

The Client program calls both of these methods in a different sequence. If the method call is denied by the solution security policy, a message regarding the failed call attempt is displayed.

The system programs KlogEntity and KlogStorageEntity perform a security audit.

The transport part of the ping example is virtually identical to its counterpart in the echo example. The only difference is that the ping example uses two methods (Ping and Pong) instead of just one.

Solution security policy in the ping example

The solution security policy in this example allows startup of the KasperskyOS kernel and the Einit program, which is allowed to start all programs in the solution. Queries to the Server program are managed by methods of the Flow security model.

The finite-state machine described in the configuration of the request_state Flow security model object has two states: not_sent and sent. The initial state is not_sent. Only transitions from not_sent to sent and vice versa are allowed.

When the Ping and Pong methods are called, the current state of the request_state object is checked. In the not_sent state, only a Ping call is allowed, in which case the state changes to sent. Likewise, in the sent state, only a Pong call is allowed, in which case the state changes to not_sent.

Therefore, the Ping and Pong methods can be called only in succession.

Fragment of the security.psl file

/* Solution security policy for demonstrating use of the

* Flow security model in the ping example */

/* Include PSL files containing formal representations of

* Base and Flow security models */

use nk.base._

use nk.flow._

/* Including EDL files */

use EDL Einit

use EDL ping.Client

use EDL ping.Server

/* Create Flow security model object */

policy object request_state : Flow {

type States = "not_sent" | "sent"

config = {

states : [ "not_sent", "sent" ],

initial : "not_sent",

transitions : {

"not_sent" : [ "sent" ],

"sent" : [ "not_sent" ]

}

}

}

/* When the Einit program starts the Server program,

* the initial state is set for the finite-state machine */

execute src=Einit dst=ping.Server method=main {

request_state.init { sid: dst_sid }

}

/* When a client of the ping.Client class calls the Ping method of the controlimpl.connectionimpl endpoint

* of a server of the ping.Server class, the system checks whether the request_state object is

* in the "not_sent" state. If it is, receipt of the request is allowed and

* the request_state object is set to the "sent" state. */

request src=ping.Client dst=ping.Server endpoint=controlimpl.connectionimpl method=Ping {

request_state.allow { sid: dst_sid, states: [ "not_sent" ] }

request_state.enter { sid: dst_sid, state: "sent" }

}

/* When a client of the ping.Client class calls the Pong method of the controlimpl.connectionimpl endpoint

* of a server of the ping.Server class, the system checks whether the request_state object is

* in the "sent" state. If it is, receipt of the request is allowed and

* the request_state object is set to the "not_sent" state. */

request src=ping.Client dst=ping.Server endpoint=controlimpl.connectionimpl method=Pong {

request_state.allow { sid: dst_sid, states: [ "sent" ] }

request_state.enter { sid: dst_sid, state: "not_sent" }

}

/* A server of the ping.Server class is allowed to respond to queries from a client of the ping.Client class

* that calls the Ping and Pong methods of the controlimpl.connectionimpl endpoint. */

response src=ping.Server dst=ping.Client endpoint=controlimpl.connectionimpl {

match method=Ping { grant () }

match method=Pong { grant () }

}

The security policy description in the ping example also contains a section for solution security policy tests.

For an example of such a policy, see the "Example 2" section in "Examples of tests for KasperskyOS-based solution security policies".

The full security policy description for the ping example is located in the security.psl.in and core.psl files at the following path: /opt/KasperskyOS-Community-Edition-<version>/examples/ping/einit/src.

Example files

The code of the example and build scripts are available at the following path:

/opt/KasperskyOS-Community-Edition-<version>/examples/ping

Building and running example

See Building and running examples section.