Safeguard Administrator's Manual (G06.29+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

151

152

153

154

155

156

157

158

159

160

Installation and Management

Safeguard Administrator’s Manual—523317-029

10-2

The Security Monitors (SMONs)

Security Database Management

The SMP makes all changes to the subject and object databases on the local system.

You make changes to the databases with SAFECOM commands. SAFECOM interprets

the commands and communicates with the SMP to change the database.

When a SAFECOM user requests information about a user or a protected object,

SAFECOM requests the information from the SMP. The SMP then reads the subject or

object database to reply to the SAFECOM request.

The SMP also creates audit records of attempts to access the subject and object

databases.

User Authentication

The SMP authenticates all user attempts to log on to the system in which it is running.

When a user attempts to log on, the user's command interpreter sends a user

authentication request to the SMP. The SMP reads the subject database to

authenticate the logon request and then replies to the command interpreter with the

results of the authentication check. The SMP also authenticates any authentication

request made by an application process.

Security Monitor (SMON) Process Management

The SMP is responsible for starting all the SMON processes on the system in which it

is running. When a processor fails, the SMP is responsible for restarting the SMON in

that processor after the processor has been reloaded.

The Security Monitors (SMONs)

A separate SMON process runs in every processor of a system in which the Safeguard

software is installed. Each SMON process is responsible for authorizing all attempts to

access protected objects with primary I/O processes running in its processor. Similarly,

when an attempt is made to access a running named process that is protected, the

access must be authorized by the associated SMON process. The SMON processes

read the object database to authorize attempts to access protected objects.

The SMON processes are also responsible for creating audit records of attempts to

access the objects under their protection.

Safeguard Helper Process (SHP)

The Safeguard Helper Process (SHP) assists the SMP to identify and update process

attributes when the following user attributes in the user database files are modified:

AUDIT-USER-ACTION-PASS

AUDIT-USER-ACTION-FAIL

Primary group ID