Frequently Asked Questions
  • Register

Have questions? We have answers!

Search
  • How does PBS work?

    When a process runs in a DAC-based operating system, it invokes several system calls. These system calls can retrieve as well as alter user data and kernel data. Hence they are the main points of risk for system security. If the process is restricted in terms of its access of the system calls, damage can be prevented. In the PBS operating system, there exists a “PBS-specific access right” related to every system call in the kernel. These access rights are in addition to the standard rights defined in Linux operating system. Thus, a process can access the system call only if it has the particular PBS-specific access right.

    Since the security is implemented at the kernel level, it is impossible for a user, even a trusted user, to compromise the system. Even if a user attains primary administrator access rights by social engineering or some other means, any system damage will be limited to that one particular process and then only from an application level, not a system level.

    In PBS, the only point of risk that remains to be considered is how the access rights are assigned to the process. PBS has a set number of processes which can run in the system, each of which has a predefined set of access rights listed in a file containing the access control list (ACL file). When installing a program onto the system a Master Administrator (defined as the person who builds the original system image), determines the PBS-specific access rights needed for the execution of the program. An entry is accordingly made in the ACL file. This file contains the list of programs that can be safely executed in the system and the PBS-specific access rights required for each program. Thus, when a program starts running in the PBS system, a check is made to verify if it has the access rights specified in the ACL file. Additionally, user-level authentication is implemented for another layer of security.

    Due to this restrictive nature of the PBS operating system, the number of processes running at any time is limited to only those that are absolutely needed for the web server or mail server or any other service running in the PBS environment. Although this reduces the flexibility, it increases the security by limiting the potential points of failure.

    Run Time Loading of a Process into the PBS System

    PBS Figure 1

    SAGE Fisrt Logo

    Created on 12/17/2012 in SAGE First FAQs

    Was this helpful?

Secure Web Server Appliance

FEATURES

  • Pre-configured with Web, email and FTP servers
  • Secure Remote Administration
  • Process-Based Built-in Security Policy
  • Worry-free maintenance
  • Hardened Operating System
  • Supports SSL, SSI, PHP, PERL PYTHON, & TCL
  • Supports MY SQL, PostgreSQL and SQL Libraries
  • Multi-domain Hosting, Virtual IP
  • Backup

Industrial Automation Firewall

Firewall AD Graphic

FEATURES

  • Mac Address Limiting
  • Port Management
  • Detection and Rejections of DOS Attacks
  • Protection from Viruses, Trojans and Common Cyber Attacks
  • Secure Your Ethernet Enabled Control System Devices (PLCs, RTUs, IEDs)
  • Physically Hardened
  • Secure, Cyber-Hardened Operating System
  • Protect Your End Devices Against Viruses, Worms, Trojans, Malware and Common Cyber Penetration Attacks
  • Transparent In-Line PLC Firewall and Communications Filter

 

Process-Based Security

PBS Ad Graphic