privileged pages, the Linux kernel — in user pages). The Linux VM is an ordinary
process of the Fenix OS and does not have access to the internal structures of the
Fenix OS kernel.
2. Protection of the Linux VM from the Linux processes. The Linux VM is protected
from the Linux processes by memory segmentation and segment privileges.
3. Protection of the Linux processes from one another. The lower three gigabytes of
the virtual address space of the VM are used to run Linux processes. Before
switching from one process to another, the memory used by the first process is
removed from the virtual address space of the VM. The memory used by the new
process is then mapped into the same virtual address range, and only after that is
control transferred to the new process. Thus, each Linux OS process can access only
its own address space, never the address spaces of other Linux OS processes, and
therefore cannot interfere with their execution.
4. Protection of the Fenix kernel from Linux processes. The Linux OS processes are
run at the third privilege level in the segment limited to three gigabytes, and have
no access to the internal structures of the Fenix kernel; therefore, they cannot
interfere with its operation or affect other Fenix processes.
5. Protection of applications of the secure Fenix OS from the Linux VM. Protection
of the applications of the secure Fenix OS from both the Linux VM and the Linux
kernel is provided by the secure Fenix OS kernel, which isolates the address spaces
of Fenix tasks, and therefore of the Linux VMs, using segment and page protection
of address spaces.
Thus, the components of the hybrid system form a hierarchy: “Fenix kernel” —
“Linux VM” — “Linux process”, where every component is in full control of the
lower level components and protected from their interference.
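The following is an added illustrative model, not code from Fenix or the book: it simulates steps 3 and 4 above on a 4 GB virtual address space tracked in 256 MB slots (an assumed granularity), where switching a Linux process first unmaps the outgoing process's slots in the lower three gigabytes and a ring-3 access is bounded by the 3 GB segment limit before the mapping is consulted.

```c
#include <stdbool.h>
#include <stdint.h>

/* Assumed model: the VM's 4 GB space is tracked at 256 MB granularity (16 slots);
 * slots 0..11 are the lower three gigabytes where Linux processes run,
 * slots 12..15 belong to the Linux VM itself (pid 0 in this model). */
#define SLOT_BYTES (256u * 1024u * 1024u)
#define NSLOTS     16
#define USER_SLOTS 12                  /* 3 GB / 256 MB */
#define LINUX_RING 3                   /* Linux processes run at ring 3 */

typedef struct { int owner; } slot_t;  /* -1 = unmapped, else process id */
static slot_t space[NSLOTS];

void vm_init(void) {
    for (int i = 0; i < NSLOTS; i++) space[i].owner = -1;
    for (int i = USER_SLOTS; i < NSLOTS; i++) space[i].owner = 0; /* VM region */
}

/* Step 3: remove every mapping of the outgoing process from the lower 3 GB,
 * then map the incoming process's slots; the caller transfers control after. */
int vm_switch(int from, int to, const int *slots, int n) {
    for (int i = 0; i < USER_SLOTS; i++)
        if (space[i].owner == from) space[i].owner = -1;
    for (int k = 0; k < n; k++) {
        if (slots[k] < 0 || slots[k] >= USER_SLOTS) return -1; /* never above 3 GB */
        space[slots[k]].owner = to;
    }
    return to;
}

/* Step 4: a ring-3 access is first bounded by the 3 GB segment limit, then by
 * whether the slot is currently mapped to the running process. */
bool access_ok(int ring, int pid, uint32_t addr) {
    if (ring == LINUX_RING && addr >= (uint32_t)USER_SLOTS * SLOT_BYTES)
        return false;                  /* segment limit violation */
    return space[addr / SLOT_BYTES].owner == pid;
}

/* Number of user slots still mapped to pid; must be 0 once it is switched out. */
int mapped_slots(int pid) {
    int c = 0;
    for (int i = 0; i < USER_SLOTS; i++) if (space[i].owner == pid) c++;
    return c;
}
```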
The architecture of the secure Fenix OS, based on the concept of universal
information resources and total control of interactions between all system
components, makes it possible to control the access of Linux applications to all
kinds of protected information resources under the control of the secure Fenix OS,
using its built-in security features.
1. Control of the access to the terminals of the secure Fenix OS. The terminal, which
can display confidential information and accept commands from the user to
process it, is one of the protected information resources controlled by the security
features of the secure Fenix OS. The guest Linux OS does not have direct access to
the secure Fenix OS terminal. The only way for Linux OS applications to display
information or to receive a command from the user console is to call the
programmable interface of the secure Fenix OS. On every such call the secure Fenix
OS, after the appropriate authorization procedures, decides whether access to the
terminal is granted or denied to the Linux process.
2. Control of the access to the information resources of the secure Fenix OS by the
Linux OS and its applications. The file system driver of the modified Linux OS
kernel is used as a gateway for access to the information resources of the secure
Fenix OS: it maps their file system into Linux and forwards the resulting events to
the secure Fenix OS. Since, from the standpoint of the secure Fenix OS architecture,
the Linux VM is an ordinary user process, every access to these resources goes
through the usual Fenix access control procedure according to the security pattern