When a process in the PBS system tries to invoke a system call, PBS runs an access verification routine before granting the process access to that call.
Certain system calls have the process perform an action (e.g., Reboot, Set Time). In such cases, PBS checks whether the calling process has the appropriate PBS-specific access rights to perform that action.
Other system calls require the process to perform an operation on a file (e.g., Create, Delete, Write files or Mount). In these cases PBS performs several tests. First, it checks the validity of the file name and path name, and whether the file already exists. It also checks whether the process has the appropriate access rights for that particular file. For example, if a process issues the system call mount(fd0, “/home/user”), PBS first checks whether fd0 is a valid device and whether “/home/user” is a valid path. Second, it checks whether the process has the appropriate mount access rights: PBS_MOUNT_DEV for the device “fd0” and PBS_MOUNT_PATH for the path “/home/user.” If any of these tests fails, the system call is disallowed. Thus, access to any system resource is highly restricted and guarded. Because of the heavily layered security built into PBS, it is essentially impossible for an attacker to cause damage.
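The mount check described above, modeled in user-space C as an added example (not PBS's own code): validity of both arguments is tested first, then the per-object rights, and any failure denies the call. Only the names PBS_MOUNT_DEV and PBS_MOUNT_PATH come from the text; the bit values, structs, function names and sample tables are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Right names are from the text; bit values and every other name are assumed. */
#define PBS_MOUNT_DEV  0x1u
#define PBS_MOUNT_PATH 0x2u
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

struct grant { const char *object; unsigned rights; };  /* rights held on one object */
struct proc  { const struct grant *grants; size_t n; };
enum verdict { ALLOW, DENY_INVALID, DENY_RIGHTS };

/* Constructed stand-ins for the system's device table and directory tree. */
static const char *const devices[] = { "fd0", "hda1" };
static const char *const paths[]   = { "/home/user", "/mnt" };

static int known(const char *const *tab, size_t n, const char *s) {
    for (size_t i = 0; i < n; i++)
        if (strcmp(tab[i], s) == 0) return 1;
    return 0;
}

/* Default deny: the right must be granted on exactly this object. */
static int has_right(const struct proc *p, const char *obj, unsigned right) {
    for (size_t i = 0; i < p->n; i++)
        if (strcmp(p->grants[i].object, obj) == 0 && (p->grants[i].rights & right))
            return 1;
    return 0;
}

/* Test 1: both arguments are valid. Test 2: rights on each. Any failure denies. */
enum verdict pbs_check_mount(const struct proc *p, const char *dev, const char *path) {
    if (!known(devices, COUNT(devices), dev) || !known(paths, COUNT(paths), path))
        return DENY_INVALID;
    if (!has_right(p, dev, PBS_MOUNT_DEV) || !has_right(p, path, PBS_MOUNT_PATH))
        return DENY_RIGHTS;
    return ALLOW;
}

/* Constructed sample processes: one fully granted, one holding only the device right. */
static const struct grant full_g[] = { {"fd0", PBS_MOUNT_DEV}, {"/home/user", PBS_MOUNT_PATH} };
static const struct grant dev_g[]  = { {"fd0", PBS_MOUNT_DEV} };
static const struct proc full = { full_g, COUNT(full_g) }, dev_only = { dev_g, COUNT(dev_g) };

int main(void) {
    printf("full     fd0 /home/user -> %d\n", pbs_check_mount(&full, "fd0", "/home/user"));
    printf("dev_only fd0 /home/user -> %d\n", pbs_check_mount(&dev_only, "fd0", "/home/user"));
    printf("full     fd9 /home/user -> %d\n", pbs_check_mount(&full, "fd9", "/home/user"));
    return 0;
}
```

Because rights are matched per object, a process granted PBS_MOUNT_DEV on “fd0” gains nothing on another device, and holding only one of the two rights is still a denial.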
FEATURES