RSBAC

RSBAC (Rule Set Based Access Control) is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a).

Features

* Free open source (GPL) Linux kernel security extension.
* Independent of governments and big companies.
* Several well-known and new security models, e.g. MAC, ACL and RC.
* On-access virus scanning with Dazuko interface.
* Detailed control over individual user and program network accesses.
* Fully access-controlled kernel-level user management.
* Any combination of security models possible.
* Easily extensible: write your own model for runtime registration.
* Support for latest kernels.
* Stable for production use.
* Very easily portable to other operating systems.

RSBAC

The RSBAC system architecture has been derived and extended from the Generalized Framework for Access Control (GFAC) by Marshall Abrams and Leonard LaPadula.

In his essay "Rule Set Modeling of a Trusted Computer System", Leonard LaPadula describes how the Generalized Framework for Access Control (GFAC) approach could be implemented in the Unix System V operating system. He introduced the clear separation between the Access Enforcement Facility (AEF), the Access Decision Facility (ADF) with its Access Control Rules (ACR), and the Access Control Information (ACI).

The AEF, as part of the system call function, calls the ADF, which uses the ACI and the rules to return a decision and a set of new ACI attribute values. The decision is then enforced by the AEF, which also sets the new attribute values and, in case of allowed access, provides object access to the subject.

This structure requires all security-relevant system calls to be extended by AEF interception, and it needs a well-defined interface between AEF and ADF. For better modeling, a set of request types was used, in which all system call functionalities were to be expressed. The general structure of the GFAC has also been included in the ISO standard 10181-3 "Security frameworks for open systems: Access control framework" and in the Open Group standard Authorization (AZN) API.

The first RSBAC prototype followed LaPadula's suggestions and implemented some access control policies briefly described there, namely MAC, FC and SIM, as well as the Privacy Model by Simone Fischer-Hübner.

Many aspects of the system have changed considerably since then. For example, the current framework supports more object types, includes generic list management and network access control, contains several additional security models, and supports runtime registration of decision modules and of system calls for their administration.
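The AEF/ADF split, the request types and the runtime registration of decision modules described above can be modeled in user-space C. This is an added example, not RSBAC source code: every identifier is hypothetical, the rule that a single denying module overrides the others is an assumption, and the two decision modules are illustrative stand-ins for real security models.

```c
#include <stddef.h>
/* All names are hypothetical; this models the GFAC flow, not RSBAC's kernel code. */
enum request  { REQ_READ, REQ_WRITE };
enum decision { DENY, GRANT, DONT_CARE };
/* ACI: attributes kept for the subject and the object of one access. */
struct aci { int clearance, current, obj_level, obj_readonly; };
/* A decision module carries one model's rules (ACR) and may propose new ACI. */
typedef enum decision (*module_fn)(enum request, const struct aci *, struct aci *);
static module_fn modules[4];
static size_t n_modules;

int adf_register(module_fn m) {                 /* runtime registration */
    return n_modules < 4 ? (modules[n_modules++] = m, 0) : -1;
}

/* ADF: consult every module; a single DENY wins (assumed combination rule). */
enum decision adf_request(enum request r, const struct aci *cur, struct aci *next) {
    enum decision result = DONT_CARE;
    *next = *cur;
    for (size_t i = 0; i < n_modules; i++) {
        enum decision d = modules[i](r, cur, next);
        if (d == DENY) { *next = *cur; return DENY; }  /* discard proposed ACI */
        if (d == GRANT) result = GRANT;
    }
    return result;
}

/* AEF: called from the system call, stores the new ACI and enforces the decision. */
int aef_intercept(enum request r, struct aci *aci) {
    struct aci next;
    enum decision d = adf_request(r, aci, &next);
    *aci = next;
    return d == GRANT ? 0 : -1;   /* 0: access provided; no GRANT means refusal */
}

/* Illustrative MAC module: no read above clearance, no write below what was read. */
enum decision mac_module(enum request r, const struct aci *c, struct aci *n) {
    if (r == REQ_WRITE) return c->obj_level < c->current ? DENY : GRANT;
    if (c->obj_level > c->clearance) return DENY;
    if (c->obj_level > n->current) n->current = c->obj_level;  /* new ACI value */
    return GRANT;
}

/* Illustrative second module: only has an opinion on writes to read-only objects. */
enum decision ro_module(enum request r, const struct aci *c, struct aci *n) {
    (void)n;
    return (r == REQ_WRITE && c->obj_readonly) ? DENY : DONT_CARE;
}
```

The ACI update is what makes the earlier read matter: once the subject has read a level-2 object, the same write to a level-0 object that was granted before is refused.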

See also

* PaX
* Security-Enhanced Linux
* grsecurity
* Mandatory access control
* Computer security

External links

* [http://www.rsbac.org/ RSBAC homepage]
* [http://www.acsa-admin.org/secshelf/book001/09.pdf Leonard LaPadula's essay on GFAC]
* [http://gentoo-wiki.com/Access_Control_Comparison_Table Gentoo Wiki Access Control Comparison Table]


Wikimedia Foundation. 2010.
