Rule Set Based Access Control (RSBAC) for Linux - Introduction
1. Introduction
Traditional access control systems and RSBAC
Traditional access control systems used to be merged into the system
kernel. The actual security policy was deeply connected to the whole
design of the system and hard-coded into the security part, making
modifications to meet changed requirements a difficult task.
In this work I used a new proposal by L. J. La Padula, based on the
"Generalized Framework for Access Control", which was developed by
a working group led by Marshall Abrams at MITRE. By dividing the
functional components, they made it possible to simply configure many
different security policies based on well-known and easily extensible
models.
Implementation
For the implementation I chose the Linux variant of Unix,
thanks to its freely available source code. It is also very stable and
close to both La Padula's example system and common Unix standards,
making the results easy to transfer to other systems. The package was
named "Rule Set Based Access Control" (RSBAC).
Using a Unix-like system produced the major goal of extending a
weak, discretionary access control with a new, stronger, more flexible
and mandatory control. Instead of hard-coding the policy, it should make
the adaptation of security policies possible through administration of
several security modules. Easy addition of other security modules was to
be included as well.
In this thesis La Padula's proposal is checked, extended, completed
for a real system and finally implemented in it.
As a special example of this ability to integrate, Dr. Simone
Fischer-Huebner's complex Privacy Model was chosen and implemented for
the first time in a real system. Its adaptation to my concept was done
together with Simone Fischer-Huebner.
Placing a focus on Privacy, the extensive logging is done using
pseudonyms that can be changed and read only by security managers or
data protection managers.
In the end, the gain in security and safety is checked against the
ITSEC functional criteria, extended by two privacy goals.
2. References
http://www.cs.kau.se/~simone/
The contents of this document, unless otherwise expressly stated, are licensed under the CC-BY-SA-2.5 license. The Gentoo Name and Logo Usage Guidelines apply.