Medusa communication protocol
This is a work in progress.
Kobjects are representations of kernel objects used by the authorization server. Medusa has to provide a definition of each object that is sent to the authorization server (think of a class or struct definition). Medusa then uses conversion functions to convert kernel objects to kobjects and vice versa when communicating with the authorization server.
Events are generated in the kernel. An event may have a varying number of attributes. Two attributes are special: subject and object, which are always kobjects. There are two types of events:
Access types: These represent an access to a system resource (opening a file, creating a directory, etc.). The subject of an access type is always the process that tries to execute the operation, and the object is the entity upon which the operation is executed.
Kevents: These events are generated when Medusa encounters an object that has not been verified by the authorization server (it hasn't been assigned to any virtual spaces).
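The flow described above, as an added C sketch that is not Medusa's own code: kernel objects are converted to kobjects, wrapped in an event with a subject and an object, and the kobject returned by the server is converted back. All struct, field and function names are hypothetical, as are the assumptions that virtual-space membership is a 32-bit mask and that a kevent carries the same subject/object pair as an access type.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-ins for kernel objects (not Medusa's real structures). */
struct kern_task { int pid; uint32_t vs; };
struct kern_file { char name[32]; uint32_t vs; int verified; };

/* Kobjects: the fixed layouts declared to the authorization server. */
struct proc_kobject { int32_t pid; uint32_t vs; };
struct file_kobject { char name[32]; uint32_t vs; };

enum event_kind { EV_ACCESS, EV_KEVENT };

/* An event carries the two special attributes, both kobjects. */
struct event {
    enum event_kind kind;
    struct proc_kobject subject;  /* process attempting the operation */
    struct file_kobject object;   /* entity the operation acts on */
};

/* Conversion functions, kernel object -> kobject. */
static void task_to_kobj(const struct kern_task *t, struct proc_kobject *k) {
    k->pid = t->pid;
    k->vs = t->vs;
}
static void file_to_kobj(const struct kern_file *f, struct file_kobject *k) {
    memset(k, 0, sizeof *k);  /* no stale bytes travel to the server */
    strncpy(k->name, f->name, sizeof k->name - 1);
    k->vs = f->vs;
}
/* Conversion function, kobject -> kernel object: only the server-assigned
 * virtual spaces are copied back; the name stays under kernel control. */
static void kobj_to_file(const struct file_kobject *k, struct kern_file *f) {
    f->vs = k->vs;
    f->verified = 1;
}

/* An unverified object yields a kevent; a verified one an access type. */
static struct event make_open_event(const struct kern_task *t,
                                    const struct kern_file *f) {
    struct event e;
    memset(&e, 0, sizeof e);
    e.kind = f->verified ? EV_ACCESS : EV_KEVENT;
    task_to_kobj(t, &e.subject);
    file_to_kobj(f, &e.object);
    return e;
}
```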