

How Is It Protected?

CA ControlMinder starts immediately after the operating system finishes its initialization. CA ControlMinder places hooks in system services that must be protected. In this way, control is passed to CA ControlMinder before the service is performed. CA ControlMinder decides whether the service should be granted to the user.

For example, a user may attempt to access a resource protected by CA ControlMinder. This access request generates a system call to the kernel to open the resource. CA ControlMinder intercepts that system call and decides whether to grant access. If permission is granted, CA ControlMinder passes control to the regular system service; if CA ControlMinder denies permission, it returns the standard permission‑denied error code to the program that activated the system call, and the system call ends.

The decision is based on access rules and policies that are defined in the database. The database describes two types of objects: accessors and resources. Accessors are users and groups. Resources are objects to be protected, such as files and services. Each record in the database describes an accessor or a resource.

Each object belongs to a class, which is a collection of objects of the same type. For example, TERMINAL is a class containing objects that are terminals (workstations) protected by CA ControlMinder.
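
The flow described above (intercept the call, consult the database, then pass control on or return permission denied), modelled in Python as an added example; it is not CA ControlMinder code. The record layout, the access-type names, the sample entries, and the pass-through for resources that have no record are assumptions of this sketch.

```python
import errno
import os

# Constructed sample database: one record per accessor or resource.
# The layout is an assumption for this sketch, not the product's schema.
ACCESSORS = {
    "alice": {"type": "user", "groups": {"dba"}},
    "bob": {"type": "user", "groups": set()},
    "dba": {"type": "group"},
}
# Resource records are keyed by (class, name); rules map an accessor
# (user or group) to the access types it is allowed.
RESOURCES = {
    ("FILE", "/constructed/payroll.db"): {"rules": {"dba": {"read"}}},
    ("TERMINAL", "ws-042"): {"rules": {"bob": {"login"}}},
}


def decide(user, res_class, name, access):
    """Return True to grant, False to deny, None if the resource has no record."""
    record = RESOURCES.get((res_class, name))
    if record is None:
        return None  # assumption: resources without a record are not protected
    accessor = ACCESSORS.get(user)
    if accessor is None:
        return False  # unknown accessor: no rule can match
    # A rule may name the user directly or any group the user belongs to.
    identities = {user} | accessor.get("groups", set())
    return any(access in record["rules"].get(i, set()) for i in identities)


def hooked_open(user, path, real_open=os.open):
    """Model of the hook: the decision runs before the real service does."""
    if decide(user, "FILE", path, "read") is False:
        # Standard permission-denied error code; the real service never runs.
        raise PermissionError(errno.EACCES, os.strerror(errno.EACCES), path)
    # Granted (or not protected): pass control to the regular service.
    return real_open(path, os.O_RDONLY)
```

Passing a stub as `real_open` shows that a denied request never reaches the underlying service, which is the property the hook placement provides.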