To demonstrate a security configuration based on the era policy family, the following files are required:
security.cfg – security configuration based on the era family.ping.era: era family configuration file.test.c: implementation of the test() function to be called by the client entity.security.cfg and ping.era
The security configuration in this example allows you to run all entities, and any entity, to call the core and server entities.
Calls to server entity methods are controlled by era family policies (implementation of Event-Recording Automata, a variety of timed automata):
Ping method can be called no more than once per second.Pong method is called, you cannot call the Ping method nor the Pong method.security.cfg
/* Security configuration for demonstrating the use of the "era" family in the "ping" example. */
/* Define execute interface. */
execute = execute.execute;
/* Import file with declaration of basic security policies. */
#include <kss/server/base.cfg>
/* Import file with declaration of "era" family policies. */
#include <kss/server/era.cfg>
/* Creating an instance of "era" family Name of new instance: "request_state". "era" family configuration file: ping.era.*/
use family request_state = era "ping.era";
/* Sending and receiving requests is allowed. */
request { grant; }
/* Sending and receiving responses is allowed. */
response { grant; }
/* Startup of entities is allowed. */
execute { grant; }
/* Declaration of entities. */
entity services.core;
entity einit;
entity client;
entity server;
/* The kernel is allowed to send queries via the security interface. */
security src=services.core { grant; }
/* When the server entity is started, switch the request_state to its initial state. */
execute dst=server, method=main {
request_state.restart;
}
/* When the Ping method is called, the ping event occurs if allowed by the request_state instance configuration. */
request dst=server, endpoint=ping_comp.ping_impl, method=Ping {
request_state.event ping;
}
/* When the Pong method is called, the pong event occurs if allowed by the request_state instance configuration. */
request dst=server, endpoint=ping_comp.ping_impl, method=Pong {
request_state.event pong;
}
The era family is always configured in a separate file.
The request_state instance may have one of two states: process or stop. This instance is linked to two events: ping and pong.
The ping event can occur no more than once per second, and the pong event switches the instance to the final state of stop, in which both events are denied.
ping.era
/* List of possible events. */
events: [ping, pong],
/* Initial state of instance: "process". */
initial: process,
/* Scale of clock (factor). Used when computing condition "if ping > 10". */
scale: 100 msec,
/* If the instance is in the "process" state:
- if the "ping" event occurs, there is a transition to the "process" state if at least one second has passed since the last event
- if the "pong" event occurs, there is a transition to the "stop" state */
process: {
ping: process if ping > 10,
pong: stop
}
test.c
In the test() function, the Ping and Pong methods are called as follows:
Ping method is called 8 times at an interval of 200 ms.Pong method is called twice.Ping method is called 8 times at an interval of 200 ms.test.c
#include <stdint.h>
#include "ping.idl.h"
void test(struct IPing *proxy)
{
uint32_t value;
int i;
/* Implementation of the ping() and ping() functions is in the client.c file. */
uint32_t ping(struct IPing *proxy, uint32_t value);
uint32_t pong(struct IPing *proxy, uint32_t value);
value = 777;
for (i = 0; i < 7; ++i)
{
value = ping(proxy, value);/* Allow only the sixth Ping call. */
usleep(200*1000);
}
value = pong(proxy, value);/* Query of Pong is allowed. */
value = pong(proxy, value);/* Query of Pong is denied. */
for (i = 0; i < 7; ++i)
{
value = ping(proxy, value);/* All queries of Ping are denied. */
usleep(200*1000);
}
}
Page top