Gentoo Logo

Rule Set Based Access Control (RSBAC) for Linux - Introduction

Content:

1.  Introduction

Traditional access control systems and RSBAC

Traditional access control systems used to be melted into the system kernel. The actual security policy was deeply connected to the whole design of the system and hard-coded into the security part, making modifications to meet changed requirements a difficult task.

In this work I used a new proposal by L. J. La Padula, based on the "Generalized Framework for Access Control", which was developed by a working group led by Marshall Abrams at MITRE. By division of the functional components they made it possible to simply configure many different security policies based on well-known and easily extensible models.

Implementation

For the implementation I choosed the Unix Linux variant of Unix, thanks to it's freely available source code. It is also very stable and near to both La Padula's example system and also common Unix standards, making the results easy to transfer to other systems. The package was named "Rule Set Based Access Control" (RSBAC).

Using a Unix like system produced the major goal of extending a weak, discretionary access control by a new, stronger, more flexible and mandatory control. Instead of encoding it should make the adaption of security policies possible by administration of several security modules. Easy addition of other security modules was to be included as well.

In this thesis La Padula's proposal is checked, extended, completed for a real system and at last implemented in it.

As a special example for the ability of integration Dr. Simone Fischer-Huebner's complex Privacy Model was chosen, implementing it for the first time in a real system. Its adaption to my concept was done together with Simone Fischer-Huebner.

Placing a focus on Privacy, the extensive logging is done using pseudonyms that can be changed and read only by security managers or data protection managers.

In the end the gain in security and safety is checked against the ITSEC funtional criteria, extended by two privacy goals.

2.  References

http://www.cs.kau.se/~simone/



Print

Page updated June 2, 2004

Summary: This document should introduce you to the RSBAC access control system.

Amon Ott
Author

Michal Purzynski
Editor

Guillaume Destuynder
Editor

Donate to support our development efforts.

Copyright 2001-2014 Gentoo Foundation, Inc. Questions, Comments? Contact us.