<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
<title>Gentoo Linux Documentation
--
  Rule Set Based Access Control (RSBAC) for Linux -
Introduction</title>
</head>
<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
<td width="99%" class="content" valign="top" align="left">
<br><h1>Rule Set Based Access Control (RSBAC) for Linux -
Introduction</h1>
<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
            </span>Introduction</p>
<p class="secthead"><a name="doc_chap1_sect1">Traditional access
control systems and RSBAC</a></p>
<p> Traditional access control systems used to be built directly into the
system kernel. The actual security policy was deeply connected to the whole
design of the system and hard-coded into the security part, making
modifications to meet changed requirements a difficult task.  </p>
<p> In this work I used a new proposal by L. J. La Padula, based on the
"Generalized Framework for Access Control", which was developed by
a working group led by Marshall Abrams at MITRE. By separating the
functional components, they made it possible to configure many
different security policies simply, based on well-known and easily
extensible models.  </p>
<p class="secthead"><a name="doc_chap1_sect2">Implementation</a></p>
<p> For the implementation I chose the Linux variant of Unix,
thanks to its freely available source code. It is also very stable and
close to both La Padula's example system and common Unix standards,
making the results easy to transfer to other systems. The package was
named "Rule Set Based Access Control" (RSBAC).  </p>
<p> Using a Unix-like system set the major goal: extending a
weak, discretionary access control with a new, stronger, more flexible,
mandatory control. Instead of hard-coding the policy, it should make the
adaptation of security policies possible through the administration of
several security modules. Easy addition of other security modules was to
be included as well.  </p>
<p> In this thesis, La Padula's proposal is checked, extended, completed
for a real system, and finally implemented in it.  </p>
<p> As a special example of this ability to integrate models, Dr. Simone
Fischer-Huebner's complex Privacy Model was chosen and implemented for
the first time in a real system. Its adaptation to my concept was done
together with Simone Fischer-Huebner.  </p>
<p> With the focus on privacy, the extensive logging uses
pseudonyms that can be changed and read only by security managers or
data protection managers.  </p>
<p> In the end, the gain in security and safety is checked against the
ITSEC functional criteria, extended by two privacy goals.  </p>
<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
            </span>References</p>
<p> <a href="http://www.cs.kau.se/~simone/">http://www.cs.kau.se/~simone/</a>
</p>
<br><p class="copyright">
    The contents of this document are licensed under the <a href="http://creativecommons.org/licenses/by-sa/2.5">Creative Commons -
    Attribution / Share Alike</a> license.
  </p>
<!--
  <rdf:RDF xmlns="http://web.resource.org/cc/"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
     <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
     <permits rdf:resource="http://web.resource.org/cc/Distribution" />
     <requires rdf:resource="http://web.resource.org/cc/Notice" />
     <requires rdf:resource="http://web.resource.org/cc/Attribution" />
     <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
     <requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
  </License>
  </rdf:RDF>
--><br>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
<tr><td class="topsep" align="center"><p class="alttext">Updated 2 June 2004</p></td></tr>
<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b> This document should introduce you to the RSBAC
access control system.	</p></td></tr>
<tr><td align="left" class="topsep"><p class="alttext">
  <a href="mailto:ao@rsbac.org" class="altlink"><b>Amon Ott</b></a>
<br><i>Author</i><br><br>
  <a href="mailto:albeiro@gentoo.pl" class="altlink"><b>Michal Purzynski</b></a>
<br><i>Editor</i><br><br>
  <a href="mailto:kang@gentoo.org" class="altlink"><b>Guillaume Destuynder</b></a>
<br><i>Editor</i><br></p></td></tr>
</table></td>
</tr></table></td></tr>
<tr><td colspan="2" align="right" class="infohead">
Copyright 2001-2010 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
</td></tr>
</table></body>
</html>