How the components of the system work together

The system must be able to account for any security-relevant actions taken by itself on behalf of users on the system. To ensure accountability, the system must perform stringent authentication and identification procedures. The ability to audit security-relevant system events, through the installation of the Auditing Set, is also important.

In general, the steps in assuring security are as follows:

1. You identify and verify yourself to the system via the Identification and Authentication mechanisms. You are prompted to identify yourself by supplying your login name, and the system authenticates you using the password that you supply.

2. You establish a process on the operating system. This will normally be running an interactive program known as the shell. For every object you attempt to access, the system uses your identity to make access control decisions via the Discretionary Access Control Mechanism. You may create new processes; each new process inherits the identity of the process that created it. In this way, accountability for the actions performed by a process is preserved. You may also create new objects. Permissions are placed on these objects in a well-defined manner. You may also change the permissions on objects that you own. Some executable files may temporarily change your identity for access control purposes. For example, the ps(1) comand does this to allow you to see a complete list of all the processes running on a system at a specific time.

3. Process privileges, if granted to you by the system, allow you to override system restrictions. For example, you may have privilege to change your identity for access control purposes.

4. Through the available system calls, your process or processes invoke system calls that in turn call routines in one of the seven subsystems in the kernel.

5. The audit subsystem, if installed, keeps track of sensitive operations and who performs them. It will track your activities from the point you log in until your last process finishes and exits.

6. Once you have finished your work, all of your processes terminate, and you exit the system.

As the items in this list demonstrate, the system establishes a chain of control to ensure security. You must access the login and password verification mechanisms in order to create a process on the system. Then, that process and all the processes it spawns must pass access checks before accessing an object. These checks are made for each access attempt.

Any task that requires privileges to override access checks must be done via the Process Privilege mechanism, which is under the control of the system.

Finally, sensitive operations can be monitored by the audit subsystem. Thus, the chain of secure accountability is maintained.

See ``Overview of the auditing subsystem'' for more information on the auditing subsystem.