<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link title="new" rel="stylesheet" href="http://www.gentoo.org/css/main.css" type="text/css">
<link REL="shortcut icon" HREF="http://www.gentoo.org/favicon.ico" TYPE="image/x-icon">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
<link rel="search" type="application/opensearchdescription+xml" href="http://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
<title>Gentoo Linux Documentation -- Rule Set Based Access Control (RSBAC) for Linux - Overview</title>
</head>
<body style="margin:0px;" bgcolor="#ffffff"><table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr><td valign="top" height="125" bgcolor="#45347b"><a href="http://www.gentoo.org/"><img border="0" src="http://www.gentoo.org/images/gtop-www.jpg" alt="Gentoo Logo"></a></td></tr>
<tr><td valign="top" align="right" colspan="1" bgcolor="#ffffff"><table border="0" cellspacing="0" cellpadding="0" width="100%"><tr>
<td width="99%" class="content" valign="top" align="left">
<br><h1>Rule Set Based Access Control (RSBAC) for Linux - Overview</h1>
<form name="contents" action="http://www.gentoo.org">
<b>Content</b>:
        <select name="url" size="1" OnChange="location.href=form.url.options[form.url.selectedIndex].value" style="font-family:sans-serif,Arial,Helvetica"><option value="#doc_chap1">1. Key features</option>
<option value="#doc_chap2">2. What is RSBAC?</option>
<option value="#doc_chap3">3. Implemented models</option></select>
</form>
<p class="chaphead"><a name="doc_chap1"></a><span class="chapnum">1.
            </span>Key features</p>
<ul>
<li>Free Open Source (GPL) Linux kernel security extension</li>
<li>Independent of governments and big companies</li>
<li>Several well-known and new security models, including MAC, ACL and RC</li>
<li>Control over individual users and program network accesses</li>
<li>Any combination of models is possible</li>
<li>Easily extensible: write your own model for runtime registration</li>
<li>Supports all the current kernels</li>
<li>Stable for production use</li>
</ul>
<p class="chaphead"><a name="doc_chap2"></a><span class="chapnum">2.
            </span>What is RSBAC?</p>
<p>
RSBAC is a flexible, powerful and fast open source access control
framework for current Linux kernels, which has been in stable production
use since January 2000 (version 1.0.9a). The whole framework has been developed independently, and no existing access control code has been reused.
</p>
<p>
The standard package includes a range of access control models like MAC,
RC, ACL (see below). Furthermore, the runtime registration facility
(REG) makes it easy to implement your own access control model as a kernel
module and get it registered at runtime.
</p>
<p>
The RSBAC framework is based on the <a href="http://www.acsac.org/secshelf/book001/09.pdf">Generalized Framework for Access Control (GFAC)</a> by Abrams and LaPadula. All security relevant system calls
are extended by security enforcement code. This code calls the central
decision component, which in turn calls all active decision modules and
generates a combined decision. This decision is then enforced by the
system call extensions.
</p>
<p>
Decisions are based on the type of access (request type), the access
target and on the values of attributes attached to the subject calling and
to the target to be accessed. Additional independent attributes can be
used by individual modules, e.g. the privacy module (<a href="#doc_chap3_sect4">PM</a>). All attributes
are stored in fully protected directories, one on each mounted device,
rather than in the objects themselves. Attributes can therefore only be
changed through RSBAC's own special system calls, never by ordinary file access.
</p>
<p>
All types of network accesses can be controlled
individually for all users and programs. This gives you full control over
their network behaviour and makes unintended network accesses easier to
prevent and detect.
</p>
<p>
As all types of access decisions are based on general decision requests,
many different security policies can be implemented as a decision module.
Apart from the builtin models shown below, the optional Module
Registration (REG) allows for registration of additional, individual
decision modules at runtime.
</p>
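<p>
The decision flow described in the three paragraphs above (system call extension,
central decision component, active decision modules, combined decision) is easiest to
see in code. The following user-space model is an added example and is not RSBAC's own
code: the attribute tables, the two toy modules (a Bell-LaPadula level check and a File
Flags read_only check), the request and decision enumerations and the combining rule
(one NOT_GRANTED vetoes the request, otherwise it is granted) are this example's
assumptions, chosen to follow the page's description, not RSBAC's actual data structures
or its exact combination rule.
</p>

```c
/* Added example, not RSBAC code: a user-space model of the GFAC-style
 * decision flow. Attribute tables, the two toy modules and the combining
 * rule are this example's assumptions, not RSBAC's real implementation. */
#include <stddef.h>
#include <stdio.h>

enum request_type { REQ_READ, REQ_WRITE, REQ_APPEND, REQ_EXECUTE };
enum decision { DO_NOT_CARE, GRANTED, NOT_GRANTED };

/* Attributes are kept apart from the objects they describe and looked up
 * by id, mirroring RSBAC's protected per-device attribute store. */
struct subject_attr { int uid; int mac_level; };
struct object_attr  { int oid; int mac_level; int ff_read_only; };

static const struct subject_attr subjects[] = {   /* constructed sample data */
    { 1000, 1 },   /* user 1000 is cleared for level 1 */
    { 1001, 3 },   /* user 1001 is cleared for level 3 */
};
static const struct object_attr objects[] = {     /* constructed sample data */
    { 10, 1, 0 },  /* object 10: level 1, no file flags */
    { 11, 3, 0 },  /* object 11: level 3 */
    { 12, 1, 1 },  /* object 12: level 1, FF read_only set */
};

static const struct subject_attr *subj_lookup(int uid)
{
    for (size_t i = 0; i < sizeof subjects / sizeof subjects[0]; i++)
        if (subjects[i].uid == uid) return &subjects[i];
    return NULL;
}

static const struct object_attr *obj_lookup(int oid)
{
    for (size_t i = 0; i < sizeof objects / sizeof objects[0]; i++)
        if (objects[i].oid == oid) return &objects[i];
    return NULL;
}

typedef enum decision (*decide_fn)(enum request_type,
                                   const struct subject_attr *,
                                   const struct object_attr *);

/* Decision module 1: Bell-LaPadula on a linear level scale
 * (no read up, no write down; categories omitted for brevity). */
static enum decision mac_decide(enum request_type req,
                                const struct subject_attr *s,
                                const struct object_attr *o)
{
    switch (req) {
    case REQ_READ:
    case REQ_EXECUTE:
        return s->mac_level >= o->mac_level ? GRANTED : NOT_GRANTED;
    case REQ_WRITE:
    case REQ_APPEND:
        return s->mac_level <= o->mac_level ? GRANTED : NOT_GRANTED;
    default:
        return DO_NOT_CARE;
    }
}

/* Decision module 2: File Flags. It only has an opinion about writes to
 * read_only objects and explicitly does not care about anything else. */
static enum decision ff_decide(enum request_type req,
                               const struct subject_attr *s,
                               const struct object_attr *o)
{
    (void)s;
    if (o->ff_read_only && (req == REQ_WRITE || req == REQ_APPEND))
        return NOT_GRANTED;
    return DO_NOT_CARE;
}

/* The active modules; a REG-style registration would append to this. */
static const decide_fn modules[] = { mac_decide, ff_decide };

/* Central decision component: ask every active module, combine the
 * answers. Assumed rule: any NOT_GRANTED vetoes; if nobody objects
 * (all GRANTED or DO_NOT_CARE) the request is granted. */
enum decision adf_request(enum request_type req, int uid, int oid)
{
    const struct subject_attr *s = subj_lookup(uid);
    const struct object_attr *o = obj_lookup(oid);

    if (!s || !o)                 /* unknown subject or target: fail closed */
        return NOT_GRANTED;
    for (size_t i = 0; i < sizeof modules / sizeof modules[0]; i++)
        if (modules[i](req, s, o) == NOT_GRANTED)
            return NOT_GRANTED;   /* a single veto decides the request */
    return GRANTED;
}

/* Enforcement point, as a system-call extension would do it: turn the
 * decision into success or an error code for the caller (-1 stands in
 * for -EPERM here). */
int write_hook(int uid, int oid)
{
    return adf_request(REQ_WRITE, uid, oid) == GRANTED ? 0 : -1;
}

int main(void)
{
    static const char *name[] = { "DO_NOT_CARE", "GRANTED", "NOT_GRANTED" };
    printf("uid 1000 READ  obj 11: %s\n", name[adf_request(REQ_READ, 1000, 11)]);
    printf("uid 1001 WRITE obj 10: %s\n", name[adf_request(REQ_WRITE, 1001, 10)]);
    printf("uid 1000 WRITE obj 12: %s\n", name[adf_request(REQ_WRITE, 1000, 12)]);
    return 0;
}
```

<p>
The third call shows why the combination step matters: the MAC module grants a
level-1 user writing a level-1 object, but the File Flags module vetoes because the
object is read_only, and the veto wins. The lookup failure path also fails closed, which
is the behaviour you want from an enforcement hook when an attribute record is missing.
</p>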
<p class="chaphead"><a name="doc_chap3"></a><span class="chapnum">3.
            </span>Implemented models</p>
<p>
In the RSBAC version 1.2.5, the following modules are included. Please
note that all modules are optional.
</p>
<p class="secthead"><a name="doc_chap3_sect2">MAC</a></p>
<p>
Bell-LaPadula Mandatory Access Control
</p>
<p class="secthead"><a name="doc_chap3_sect3">UM</a></p>
<p>
The User Management in RSBAC is kernel based and complements or totally replaces
Linux's own user management subsystem.
User administration can thus be enforced with fine granularity and flexibility.
<p class="secthead"><a name="doc_chap3_sect4">PM</a></p>
<p>
Privacy Model. <a href="http://www.cs.kau.se/~simone/">Simone Fischer-Huebner</a>'s Privacy Model in its
first implementation. See the RSBAC <a href="http://rsbac.org/doc/media/niss98.php">paper on the PM implementation</a>
presented at the National Information Systems Security Conference (NISSC 98).
<p class="secthead"><a name="doc_chap3_sect5">Dazuko</a></p>
<p>
This is not really an access control model, but rather a system protection module against
malware. Execution and reading of malware-infected files can be prevented.
</p>
<p class="secthead"><a name="doc_chap3_sect6">FF</a></p>
<p>
File Flags. Provide and use flags for dirs and files, currently
execute_only (files), read_only (files and dirs), search_only
(dirs), secure_delete (files), no_execute (files), add_inherited
(files and dirs), no_rename_or_delete (files and dirs, no
inheritance) and append_only(files and dirs). Only FF security
officers may modify these flags.
</p>
<p class="secthead"><a name="doc_chap3_sect7">RC</a></p>
<p>
Role Compatibility. Defines roles and types for each target type
(file, dir, dev, ipc, scd, process). For each role, compatibility
to all types and to other roles can be set individually and with
request granularity. For administration there is a fine grained
separation-of-duty. Granted rights can have a time limit. Please
also refer to the <a href="http://rsbac.org/doc/media/rc-nordsec2002/index.html">Nordsec 2002 RC Paper</a> for the detailed model
design and specification.
</p>
<p class="secthead"><a name="doc_chap3_sect8">AUTH</a></p>
<p>
Authorization enforcement. Controls all CHANGE_OWNER requests for
process targets: only programs/processes with general setuid
allowance and those with an AUTH capability for the target user ID may
setuid. These AUTH capabilities are RSBAC attributes, not to be confused with
Linux capabilities (see CAP below), and can be controlled by other
programs/processes, e.g. authentication daemons.
</p>
<p class="secthead"><a name="doc_chap3_sect9">ACL</a></p>
<p>
Access Control Lists. For every object there is an Access Control
List, defining which subjects may access this object with which
request types. Subjects can be of type user, RC role and ACL
group. Objects are grouped by their target type, but have
individual ACLs. If there is no ACL entry for a subject at an
object, rights are inherited from parent objects, restricted by an
inheritance mask. Direct (user) and indirect (role, group) rights
are accumulated. For each object type there is a default ACL on
top of the normal hierarchy. Group management has been added in
version 1.0.9a. Granted rights and group memberships can have a
time limit.
</p>
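<p>
The ACL lookup described above combines several rules: the nearest explicit entry for a
subject wins, otherwise rights are inherited from the parent object restricted by the
object's inheritance mask, the default ACL for the target type sits above the root of the
hierarchy, and the rights found for the user, the RC role and each ACL group are
accumulated. The following user-space model is an added example and is not RSBAC's own
code: the rights bitmask encoding, the subject identifiers, the object tree and the
default ACL contents are this example's constructed assumptions.
</p>

```c
/* Added example, not RSBAC code: a user-space model of ACL lookup with
 * inheritance masks, a default ACL above the hierarchy and accumulation
 * of user/role/group rights. Encodings and sample data are assumptions. */
#include <stddef.h>
#include <stdio.h>

/* Request types as a rights bitmask (this example's encoding). */
#define R_READ    0x01u
#define R_WRITE   0x02u
#define R_EXECUTE 0x04u
#define R_DELETE  0x08u
#define R_ALL     0x0fu

enum subj_type { S_USER, S_ROLE, S_GROUP };
struct subject   { enum subj_type type; int id; };
struct acl_entry { struct subject subj; unsigned rights; };

#define MAX_ENTRIES 4
struct object {
    const char *name;
    struct object *parent;          /* NULL for the root object */
    unsigned inherit_mask;          /* rights allowed to flow in from the parent */
    struct acl_entry entries[MAX_ENTRIES];
    int n_entries;
};

/* Default ACL for this target type: consulted above the root object. */
static const struct acl_entry default_acl[] = {
    { { S_ROLE,  0 }, R_ALL  },     /* role 0 (administrator) gets everything */
    { { S_GROUP, 5 }, R_READ },     /* ACL group 5 may read by default */
};
static const int n_default = 2;

static int subj_eq(struct subject a, struct subject b)
{
    return a.type == b.type && a.id == b.id;
}

static const struct acl_entry *find_entry(const struct acl_entry *e, int n,
                                          struct subject s)
{
    for (int i = 0; i < n; i++)
        if (subj_eq(e[i].subj, s)) return &e[i];
    return NULL;
}

/* Rights of ONE subject identity at an object. An explicit entry here
 * wins; without one, the parent's answer passes through this object's
 * inheritance mask; above the root the default ACL is the answer. */
unsigned acl_rights_for(const struct object *o, struct subject s)
{
    if (o == NULL) {
        const struct acl_entry *d = find_entry(default_acl, n_default, s);
        return d ? d->rights : 0;
    }
    const struct acl_entry *e = find_entry(o->entries, o->n_entries, s);
    if (e)
        return e->rights;
    return acl_rights_for(o->parent, s) & o->inherit_mask;
}

/* Effective rights: direct (user) and indirect (role, groups) accumulate. */
unsigned acl_effective(const struct object *o, int uid, int role,
                       const int *groups, int n_groups)
{
    unsigned r = acl_rights_for(o, (struct subject){ S_USER, uid });
    r |= acl_rights_for(o, (struct subject){ S_ROLE, role });
    for (int i = 0; i < n_groups; i++)
        r |= acl_rights_for(o, (struct subject){ S_GROUP, groups[i] });
    return r;
}

/* 1 if every requested right is present, 0 otherwise. */
int acl_check(const struct object *o, int uid, int role,
              const int *groups, int n_groups, unsigned wanted)
{
    return (acl_effective(o, uid, role, groups, n_groups) & wanted) == wanted;
}

/* Constructed tree: "/" -> "/etc" -> "/etc/shadow". The shadow object's
 * mask lets only READ be inherited, so write/delete must be granted
 * explicitly at the object itself. */
static struct object root   = { "/", NULL, R_ALL,
    { { { S_USER, 1000 }, R_READ | R_EXECUTE } }, 1 };
static struct object etc    = { "/etc", &root, R_ALL,
    { { { S_GROUP, 5 }, R_READ | R_WRITE } }, 1 };
static struct object shadow = { "/etc/shadow", &etc, R_READ,
    { { { S_USER, 1001 }, R_READ | R_WRITE } }, 1 };
static const int g5[] = { 5 };

int main(void)
{
    printf("uid 1000 role 7 group 5 at %s: rights 0x%x\n",
           shadow.name, acl_effective(&shadow, 1000, 7, g5, 1));
    printf("uid 2000 role 0 (admin)  at %s: rights 0x%x\n",
           shadow.name, acl_effective(&shadow, 2000, 0, NULL, 0));
    printf("uid 1001 write at %s: %s\n", shadow.name,
           acl_check(&shadow, 1001, 7, NULL, 0, R_WRITE) ? "allowed" : "denied");
    return 0;
}
```

<p>
Two things the model makes visible: the administrator role only reaches
<code>/etc/shadow</code> through the default ACL, so the object's inheritance mask cuts
it down to read access there, while user 1001's explicit entry at the object is not
subject to the mask at all. When debugging an unexpected ACL decision, check which of the
three sources (explicit entry, masked inheritance, default ACL) produced each subject's
rights before looking at the accumulation.
</p>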
<p class="secthead"><a name="doc_chap3_sect10">CAP</a></p>
<p>
Linux Capabilities. For all users and programs you
can define a minimum and a maximum Linux capability set ("set of
root special rights"). This lets you e.g. run server programs as
normal user, or restrict rights of root programs in the standard
Linux way.
</p>
<p class="secthead"><a name="doc_chap3_sect11">JAIL</a></p>
<p>
Process Jails. This module adds a new system call
rsbac_jail, which is basically a superset of the FreeBSD jail
system call. It encapsulates the calling process and all
subprocesses in a chroot environment with a fixed IP address and
many further restrictions.
</p>
<p class="secthead"><a name="doc_chap3_sect12">RES</a></p>
<p>
Linux Resources. For all users and programs you can
define a minimum and a maximum Linux process resource set (e.g.
memory size, number of open files, number of processes per user).
Internally, these sets are applied to the standard Linux per-process
resource limits (rlimits).
</p>
<p>	   
All decision modules are described in detail on the module description
page.
</p>
<p>
A general goal of RSBAC design has been to some day reach the (obsolete)
Orange Book (TCSEC) B1 level.
</p>
<br><p class="copyright">
	The contents of this document, unless otherwise expressly stated, are licensed under the <a href="http://creativecommons.org/licenses/by-sa/2.5">CC-BY-SA-2.5</a> license. The <a href="http://www.gentoo.org/main/en/name-logo.xml"> Gentoo Name and Logo Usage Guidelines </a> apply.
  </p>
<!--
  <rdf:RDF xmlns="http://web.resource.org/cc/"
      xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  
  <license rdf:about="http://creativecommons.org/licenses/by-sa/2.5/">
    
     <permits rdf:resource="http://web.resource.org/cc/Reproduction" />
     <permits rdf:resource="http://web.resource.org/cc/Distribution" />
     <requires rdf:resource="http://web.resource.org/cc/Notice" />
     <requires rdf:resource="http://web.resource.org/cc/Attribution" />
     <permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
     <requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
  </License>
  </rdf:RDF>
--><br>
</td>
<td width="1%" bgcolor="#dddaec" valign="top"><table border="0" cellspacing="4px" cellpadding="4px">
<tr><td class="topsep" align="center"><p class="altmenu"><a title="View a printer-friendly version" class="altlink" href="overview.xml?style=printable">Print</a></p></td></tr>
<tr><td class="topsep" align="center"><p class="alttext">Page updated October 11, 2005</p></td></tr>
<tr><td class="topsep" align="left"><p class="alttext"><b>Summary: </b>
This document should give you an overview of RSBAC access control system.
</p></td></tr>
<tr><td align="left" class="topsep"><p class="alttext">
  <a href="mailto:ao@rsbac.org" class="altlink"><b>Amon Ott</b></a>
<br><i>Author</i><br><br> 
  <a href="mailto:albeiro@gentoo.pl" class="altlink"><b>Michal Purzynski</b></a>
<br><i>Editor</i><br><br>
  <a href="mailto:kang@insecure.ws" class="altlink"><b>Guillaume Destuynder</b></a>
<br><i>Editor</i><br></p></td></tr>
</table></td>
</tr></table></td></tr>
<tr><td colspan="2" align="right" class="infohead">
Copyright 2001-2012 Gentoo Foundation, Inc. Questions, Comments? <a class="highlight" href="http://www.gentoo.org/main/en/contact.xml">Contact us</a>.
</td></tr>
</table></body>
</html>