• Recent changes
    • ?
     

    Open Source

    RSBAC

    TigerVNC

    OpenSSH

    Bind9

    Dansguardian

    Table of Contents

    RSBAC: Rule Set Based Access Control

    RSBAC is a patch to the Linux kernel, and a small set of user space tools.

    m-privacy GmbH provides support and development to the RSBAC team, and to customers using RSBAC.

    You may find all the related files on the RSBAC website's download area.

    A framework

    First of all, RSBAC is not a security model by itself. It is a framework. This framework allows several different decision modules (interfaced easily with our Runtime Registration Facility: REG). Theses modules are the security models you want to use, to name a few:

    • MAC: Mandatory Access Control
    • ACL: Access Control Lists
    • DAZ: Antivirus Scanner Interface
    • RC: Role Compatibility

    To get a list and explanation of every model included in RSBAC, see the Security Models section of the handbook. RSBAC is a flexible, powerful and fast (low overhead) open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). All development is independent of governments and big companies, and no existing access control code has been reused.

    Practically, it allows full fine grained control over objects (files, processes, users, devices, etc.), memory execution prevention (PaX, NX), real time integrated virus detection, and much more.

    Features

    • Free Open Source (GPL) Linux kernel security solution
    • Independent of governments and big companies
    • Several well-known and new security models, like MAC, ACL and RC
    • Detailed control over individual user and program network accesses
    • Virtual User Management, in kernel and fully access controlled
    • On-access virus scanning with the Dazuko interface
    • Any combination of security models possible
    • Easily extensible: write your own model for runtime registration
    • Support for latest kernels and stable for production use

    Generalized Framework for Access Control

    RSBAC framework logic is based on the work done for the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules (the different modules implementing different security models) and generates a combined final decision. This decision is then enforced by the system call extensions.

    Decisions are based on the type of access (request type), the access target and on the values of attributes attached to the subject calling and to the target to be accessed. Additional independent attributes can be used by individual modules, e.g. the privacy module (PM). All attributes are stored in fully protected directories, one on each mounted device. Thus changes to attributes require special system calls provided.

    As all types of access decisions are based on general decision requests, many different security policies can be implemented as a decision module. Apart from the builtin models, the optional Module Registration (REG) allows for registration of additional, individual decision modules at runtime.

    Please visit the RSBAC website for further information.

     
    rsbac.txt · Last modified: 2009/11/24 18:24 by kang
     
    Copyright (c) 2008-9 m-privacy GmbH. All rights reserved.
    Software on this site is provided as-is without any warranty. All logos and trademarks are used under their respective licenses.

    Datenschutzerklärung | Impressum | Sitemap