Last updated at: 2009/11/09

About Anoubis

The following figure illustrates the overall architecture of the Anoubis system.

[Figure: Anoubis architecture]

The events that are relevant for Anoubis are intercepted by the kernel.

These events are forwarded over a specially designed interface to a dedicated userland program, the Anoubis daemon. The daemon uses policies to decide whether the event is allowed or not.

The process causing the event is blocked until the decision is made. In particular, this means that the access is not granted before the Anoubis daemon has approved it. A negative response causes the system call currently in progress in the requesting process to fail with an error.

The actual decision about an event is made by the Policy Engine, which is solely responsible for the evaluation of policies.

Anoubis also offers a third possibility: instead of allowing or denying an event outright, it can ask the user to make the decision. The Session Engine is responsible for such interactive notifications. User interfaces (such as a GUI or a command line tool) that are able to present events to users register with the Session Engine. If no interactive user interface is registered, or no answer is passed back within a reasonable amount of time, the Session Engine refuses the event.

Security is not limited to technical aspects; the user and the user's working environment should also be considered. That is why Anoubis ships a graphical user interface for easy configuration of the system and for interactive communication with the Anoubis daemon. With the help of the Anoubis GUI, rulesets for all components can easily be created or adjusted. Checksums for files can be created, signed and validated. The GUI displays the daemon queries sent by the Session Engine and lets the user answer them in a simple way. A temporary or permanent rule for this or similar events can be created along the way; these rules are inserted into the user's ruleset.
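The decision flow described above (kernel event, daemon, Policy Engine, Session Engine with fail-closed handling of unanswered queries, and a permanent rule inserted into the user's ruleset from a GUI answer) can be modelled in a few dozen lines. The following Python is an added illustration written for this page, not Anoubis code: the rule format, the `allow`/`deny`/`ask` verdicts, the "first matching rule wins" and "unmatched events are refused" behaviour, the `(verdict, scope)` answer shape returned by a UI, and the use of `EACCES` as the error the blocked system call receives are all assumptions made for the model.

```python
"""Model of the Anoubis decision path: kernel event -> daemon -> Policy Engine
-> (optional) Session Engine -> verdict. Added illustration, not Anoubis code."""
import errno
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Tuple


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK = "ask"  # neither allow nor deny: hand the event to the Session Engine


@dataclass(frozen=True)
class Event:
    """A kernel-intercepted event as the daemon sees it (fields are constructed)."""
    user: str
    program: str     # executable causing the event
    path: str        # object the operation targets
    operation: str   # "read", "write" or "exec"


@dataclass(frozen=True)
class Rule:
    program: str      # exact program path, or "*" for any program
    path_prefix: str  # matches when event.path starts with this prefix
    operation: str
    verdict: Verdict

    def matches(self, event: Event) -> bool:
        return (self.program in ("*", event.program)
                and event.path.startswith(self.path_prefix)
                and self.operation == event.operation)


class PolicyEngine:
    """Solely responsible for evaluating rulesets; first matching rule wins."""

    def __init__(self, rulesets: Dict[str, List[Rule]]):
        self.rulesets = rulesets

    def evaluate(self, event: Event) -> Verdict:
        for rule in self.rulesets.get(event.user, []):
            if rule.matches(event):
                return rule.verdict
        return Verdict.DENY  # assumed default: an unmatched event is refused


# A UI answers with (verdict, scope) or None when no answer arrives in time.
# Scope "once" decides only this event; "permanent" also inserts a rule.
UserInterface = Callable[[Event], Optional[Tuple[Verdict, str]]]


class SessionEngine:
    """Forwards ASK events to registered UIs and refuses when nobody answers."""

    def __init__(self, policy: PolicyEngine):
        self.policy = policy
        self.uis: List[UserInterface] = []

    def register(self, ui: UserInterface) -> None:
        self.uis.append(ui)

    def ask(self, event: Event) -> Verdict:
        if not self.uis:
            return Verdict.DENY  # no interactive user interface registered
        for ui in self.uis:
            answer = ui(event)
            if answer is None:
                continue  # models "no answer within a reasonable time"
            verdict, scope = answer
            if verdict is Verdict.ASK:
                return Verdict.DENY  # a UI cannot defer the decision again
            if scope == "permanent":
                # Insert a rule for this event at the front of the user's
                # ruleset so the next identical event is decided without a query.
                self.policy.rulesets.setdefault(event.user, []).insert(
                    0, Rule(event.program, event.path, event.operation, verdict))
            return verdict
        return Verdict.DENY  # every registered UI timed out: fail closed


class AnoubisDaemon:
    """Receives the blocked event and returns the errno the syscall will get."""

    def __init__(self, policy: PolicyEngine, session: SessionEngine):
        self.policy = policy
        self.session = session

    def handle(self, event: Event) -> int:
        verdict = self.policy.evaluate(event)
        if verdict is Verdict.ASK:
            verdict = self.session.ask(event)
        return 0 if verdict is Verdict.ALLOW else errno.EACCES


def demo() -> Dict[str, int]:
    """Run the flow over a constructed ruleset for user 'alice'."""
    policy = PolicyEngine({"alice": [
        Rule("/usr/bin/vim", "/home/alice/", "write", Verdict.ALLOW),
        Rule("/usr/bin/vim", "/etc/", "write", Verdict.DENY),
        Rule("*", "/home/alice/Downloads/", "exec", Verdict.ASK),
    ]})
    session = SessionEngine(policy)
    daemon = AnoubisDaemon(policy, session)
    edit = Event("alice", "/usr/bin/vim", "/etc/passwd", "write")
    run = Event("alice", "/bin/sh", "/home/alice/Downloads/tool", "exec")
    result = {"denied_etc": daemon.handle(edit),
              "refused_no_ui": daemon.handle(run)}   # nobody registered yet
    session.register(lambda ev: None)                # UI that never answers
    result["refused_timeout"] = daemon.handle(run)
    queries: List[Event] = []
    def gui(ev: Event) -> Tuple[Verdict, str]:
        queries.append(ev)
        return (Verdict.ALLOW, "permanent")          # user allows permanently
    session.register(gui)
    result["allowed_first"] = daemon.handle(run)     # answered by the GUI
    result["allowed_again"] = daemon.handle(run)     # decided by the new rule
    result["queries"] = len(queries)                 # GUI asked only once
    return result


if __name__ == "__main__":
    print(demo())
```

The point worth noticing is the fail-closed path: an `ask` verdict turns into a refusal both when no UI is registered and when every UI fails to answer, so a missing or hung GUI never silently degrades into "allow".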