Introduction to security

Elements of the security policy

The security policy for a computing system describes the relationships among five elements. The first two elements are the subjects and objects on a computer system that interact with each other.

Typical interactions are for subjects to create, read, or write objects. Note that a process may be a subject or an object, depending on whether it's requesting an action or receiving information, respectively.

The remaining three elements of the security policy define the ways in which subjects and objects interact. These elements are "access attributes", "access rules", and "privileges".

The security policy of UnixWare prescribes a relationship between access rules and access attributes. The access attributes allow the system to define several distinct modes of authorization, and the access rules provide the mechanism for the system to prevent unauthorized access to sensitive information.

In enforcing the security policy, the system assigns access attributes to subjects and objects and then uses the access rules to ensure that subjects do not access objects for which the subjects do not have the proper access attributes.

The system further restricts the use of certain commands and system calls to subjects (processes) that have the proper privileges.
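
The five elements as a minimal reference-monitor sketch, added here as an illustration and not UnixWare code. The attributes (user and group IDs, permission bits), the rule (the classic UNIX owner/group/other check) and the privilege name PRIV_SETCLOCK are assumptions chosen for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Assumed access attributes: IDs on subjects, owner/group/mode on objects. */
enum { ACC_READ = 4, ACC_WRITE = 2 };            /* requested access modes */
enum { PRIV_SETCLOCK = 1u << 0 };                /* hypothetical privilege bit */

struct subject { unsigned uid, gid, privs; };    /* a process requesting an action */
struct object  { unsigned owner, group, mode; }; /* a file, or a process acted upon */

/* Access rule: select exactly one permission class (owner, then group, then
 * other) and test the requested bits against that class only. */
bool access_allowed(const struct subject *s, const struct object *o, unsigned want)
{
    unsigned bits;
    if (s->uid == o->owner)      bits = (o->mode >> 6) & 7;
    else if (s->gid == o->group) bits = (o->mode >> 3) & 7;
    else                         bits = o->mode & 7;
    return (bits & want) == want;
}

/* Privilege check: gates a command or system call; no object is consulted. */
bool has_privilege(const struct subject *s, unsigned priv)
{
    return (s->privs & priv) == priv;
}

int main(void)
{
    /* Constructed sample subjects and objects. */
    struct subject alice  = { 100, 10, 0 };
    struct subject clockd = { 200, 20, PRIV_SETCLOCK };
    struct object  report = { 100, 10, 0640 };   /* rw- r-- --- */
    struct object  locked = { 100, 10, 0044 };   /* --- r-- r-- */

    printf("alice write report: %d\n", access_allowed(&alice, &report, ACC_WRITE));
    printf("clockd read report: %d\n", access_allowed(&clockd, &report, ACC_READ));
    /* The owner class is decisive: the owner is denied although "other" may read. */
    printf("alice read locked:  %d\n", access_allowed(&alice, &locked, ACC_READ));
    printf("alice set clock:    %d\n", has_privilege(&alice, PRIV_SETCLOCK));
    printf("clockd set clock:   %d\n", has_privilege(&clockd, PRIV_SETCLOCK));
    return 0;
}
```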


© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004