Frequently Asked Questions
  • Register

Have questions? We have answers!

Search
  • What is Process-Based Security (PBS)? (detailed discription)

    SAGE FIRST Inc.'s Process-Based SecurityTM (PBS) model is a hardened, Linux-based security paradigm. The PBS operating system is not concerned with who initiated the requesting program, only what the program wants. The program is permitted to utilize only authorized resources. It is a default-deny model to operating systems providing resources only to the pre-authorized applications. In other words, it is a default-deny allowing only what the owner of the system wants to security model.

    For a more formal definition one could say PBS is a security model replacing user-based access (DAC) with process-based access (mandatory access controls, or MAC), invoking rules of least privilege and separation of duties.

    When the system administrator in a DAC-based system loads a new program onto the system, the needs of the program are determined and the administrator sets the authorized (user-based) access profile. In effect, the system administrator is mapping the locally established access rights policy to the system. The program is now associated with a user and that user has specific rights that ultimately determine the program’s level of access. If the user has been spoofed, or if a program’s access privileges have been hijacked, the rogue program can now roam the system at will.

    In a PBS system all system level policies are fixed and cannot be changed in the field. As a program operates and requests access to system resources, the program's authorized process profile checks to determine resource accessibility. This is accomplished by using a fine-grained access control table (ACL file, or access rights table) protected within the system. It maintains an authorized process profile for all known processes requiring access to system resources. This table has no entries for unauthorized or unknown processes.

    The problem posed by viruses is an example of PBS capabilities, which are twofold. First, a virus unknown to the system would not have an authorized process profile. The virus is not allowed access to any files or I/O ports, keeping the virus from running or infecting the computer or other computers. Secondly, if a friendly program being loaded by the administrator had been somehow previously infected, the extent of damage is minimized based on assigned process profiles.

    SAGE Fisrt Logo

    Created on 12/17/2012 in SAGE First FAQs

    Was this helpful?

Secure Web Server Appliance

FEATURES

  • Pre-configured with Web, email and FTP servers
  • Secure Remote Administration
  • Process-Based Built-in Security Policy
  • Worry-free maintenance
  • Hardened Operating System
  • Supports SSL, SSI, PHP, PERL PYTHON, & TCL
  • Supports MY SQL, PostgreSQL and SQL Libraries
  • Multi-domain Hosting, Virtual IP
  • Backup

Industrial Automation Firewall

Firewall AD Graphic

FEATURES

  • Mac Address Limiting
  • Port Management
  • Detection and Rejections of DOS Attacks
  • Protection from Viruses, Trojans and Common Cyber Attacks
  • Secure Your Ethernet Enabled Control System Devices (PLCs, RTUs, IEDs)
  • Physically Hardened
  • Secure, Cyber-Hardened Operating System
  • Protect Your End Devices Against Viruses, Worms, Trojans, Malware and Common Cyber Penetration Attacks
  • Transparent In-Line PLC Firewall and Communications Filter

 

Process-Based Security

PBS Ad Graphic