
Medusa communication protocol

Roderik Ploszek edited this page Oct 13, 2021 · 1 revision

This is a work in progress.

Kobjects

Kobjects are representations of kernel objects used by the authorization server. Medusa has to provide a definition of an object that is sent to the authorization server (think of a class or struct definition). When communicating with the authorization server, Medusa then uses conversion functions to convert kernel objects to kobjects and vice versa.

Events

Events are generated in the kernel. An event may have a varying number of attributes. Two attributes are special: subject and object, which are always kobjects. There are two types of events:

Access types: These represent an access to a system resource (opening a file, creating a directory, etc.). The subject of an access type is always the process that tries to execute the operation, and the object is the entity on which the operation is executed.

Kevents: These events are generated when Medusa encounters an object that was not verified by the authorization server (it hasn't been assigned to any virtual spaces).
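
A simplified C model of the kobject and event concepts described above, added here as an illustration; it is not Medusa's actual structures or wire format. All type, field and function names are hypothetical, as is the `vs` bitmap in which 0 means "not assigned to any virtual space" and the choice to write only `vs` back.

```c
#include <stdint.h>
#include <stddef.h>

/* Hypothetical kernel object; 'priv' stands for kernel-only state. */
struct kern_file { uint64_t ino; uint32_t mode; uint32_t vs; void *priv; };

/* Hypothetical kobjects: flat, pointer-free copies sent to the server.
 * 'vs' is an assumed bitmap of virtual spaces; 0 means "not yet verified". */
struct file_kobject    { uint64_t ino; uint32_t mode; uint32_t vs; };
struct process_kobject { uint32_t pid; uint32_t vs; };

enum event_kind { EVENT_ACCESS, EVENT_KEVENT };

/* Every event carries a subject and an object, both as kobjects. */
struct event {
    enum event_kind kind;
    struct process_kobject subject;
    struct file_kobject object;
};

/* Conversion function: kernel object -> kobject (kernel pointers dropped). */
static struct file_kobject file_kern2kobj(const struct kern_file *f)
{
    struct file_kobject k = { f->ino, f->mode, f->vs };
    return k;
}

/* Conversion function: kobject -> kernel object. In this model only the
 * virtual-space assignment is written back; identity fields and
 * kernel-only state are never overwritten from server-supplied data. */
static void file_kobj2kern(const struct file_kobject *k, struct kern_file *f)
{
    f->vs = k->vs;
}

/* Build the event for 'subj' touching 'f': an object with no virtual space
 * produces a kevent, a verified object produces an access-type event. */
static struct event make_event(struct process_kobject subj,
                               const struct kern_file *f)
{
    struct event e;
    e.kind = (f->vs == 0) ? EVENT_KEVENT : EVENT_ACCESS;
    e.subject = subj;
    e.object = file_kern2kobj(f);
    return e;
}
```
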

Operations

Update

Fetch
