Controlling interactions between entities
All interactions between entities are controlled by a separate subsystem called Kaspersky Security System, which consists of a security module.
When the client entity sends a request to the server entity, the kernel passes the request to Kaspersky Security System, so that it can be checked. This subsystem checks whether the request structure matches the called method and that the request is permitted by security policies.
A security policy is a special function that checks whether an event is permitted. For more details, see Security policies.
The server will receive the request only if Kaspersky Security System returns an "allowed" decision:
The response sent by the server to the client undergoes a similar check by Kaspersky Security System:
Consequently, a method of a different entity can be successfully called only if the following conditions are met:
- The request and response have the correct structure.
- The request and response are allowed by security policies.