Cryptographic Security Architecture: Design and Verification

Chapter 3: The Kernel Implementation

3.1 Kernel Message Processing

The cryptlib kernel acts as a filtering mechanism for all messages that pass through it, applying a configurable set of filtering rules to each message. These rules are defined in terms of pre- and post-dispatch actions that are performed for each message. In terms of the separation of mechanism and policy requirement given in the previous chapter, the filter rules provide the policy and the kernel provides the mechanism. The advantage of using a rule-based policy is that it allows the system to be configured to match user needs and to be upgraded to meet future threats that had not been taken into account when the original policy for the system was formulated. In a conventional approach where the policy is hardcoded into the kernel, a change in policy may require the redesign of the entire kernel. Another advantage of a rule-based policy of this type is that it can be made fairly flexible and dynamic to account for the requirements of particular situations (for example, allowing the use of a corporate signing key only during normal business hours, or locking down access or system functionality during a time of heightened risk). A final advantage is that an implementation of this type can be easier to verify than more traditional implementations, an issue that is covered in more detail in Chapter 5.
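
The following sketch is an added illustration of the mechanism/policy split described above; it is not cryptlib's code. Every type, function and table name is hypothetical, and the 09:00-17:00 business-hours window and the signature counter are assumptions made for the example.

```c
#include <stddef.h>
/* All names here are hypothetical; this is not cryptlib's own code. */
typedef enum { MSG_SIGN, MSG_READ_ATTR, MSG_COUNT } msg_type;
enum { ST_OK = 0, ST_DENIED = -1, ST_BAD_MSG = -2 };
typedef struct { int is_corp_key; int sign_count; } object;
typedef struct { msg_type type; int hour; } message;   /* hour: 0..23 */
typedef int (*action_fn)(object *obj, const message *msg);
/* Policy: one filter rule per message type; NULL means no action. */
typedef struct { action_fn pre; action_fn post; } rule;

static int pre_business_hours(object *obj, const message *msg) {
    int closed = msg->hour < 9 || msg->hour >= 17;   /* assumed window */
    return (obj->is_corp_key && closed) ? ST_DENIED : ST_OK;
}
static int pre_deny(object *obj, const message *msg) {
    (void)obj; (void)msg;
    return ST_DENIED;
}
static int post_count_signature(object *obj, const message *msg) {
    (void)msg;
    obj->sign_count++;   /* state changes only after a successful dispatch */
    return ST_OK;
}

const rule normal_rules[MSG_COUNT] = {
    [MSG_SIGN] = { pre_business_hours, post_count_signature },
};
const rule lockdown_rules[MSG_COUNT] = {   /* heightened-risk policy */
    [MSG_SIGN] = { pre_deny, NULL },
};
/* Stand-in for the target object's own message handler. */
static int object_handle(object *obj, const message *msg) {
    (void)obj; (void)msg;
    return ST_OK;
}

/* Mechanism: the same for every policy; only the rule table differs. */
int kernel_send(const rule *rules, object *obj, const message *msg) {
    int st;
    if ((unsigned)msg->type >= (unsigned)MSG_COUNT) return ST_BAD_MSG;
    const rule *r = &rules[msg->type];
    if (r->pre && (st = r->pre(obj, msg)) != ST_OK) return st;
    if ((st = object_handle(obj, msg)) != ST_OK) return st;
    return r->post ? r->post(obj, msg) : ST_OK;
}

int main(void) {
    object key = { 1, 0 };
    message late = { MSG_SIGN, 22 };   /* constructed: 22:00 request */
    return kernel_send(normal_rules, &key, &late) == ST_DENIED ? 0 : 1;
}
```

Switching from normal_rules to lockdown_rules changes what the system permits without touching kernel_send, which is the property the rule-based design is after.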

3.1.1 Rule-based Policy Enforcement

The advantage of a kernel that is based on a configurable ruleset is that it is possible to respond to...
