Date: 05 Jan 2000 16:43:00 +0100
From: ao@ao.morpork.shnet.org (A. Ott)
To: linux-kernel@vger.rutgers.edu
Subject: Announce: RSBAC v1.0.9a

Hi all!

Rule Set Based Access Control (RSBAC) release 1.0.9a is available
from the new RSBAC homepage at http://www.rsbac.de.

Name: rsbac
Version: 1.0.9a
Kernelver: 2.2.13
Status: 8
Author: Amon Ott <ao@compuniverse.com>
Maintainer: Amon Ott <ao@compuniverse.com>
Description: Rule Set Based Access Control (RSBAC)
Date: 05-Jan-2000
Descfile-URL: http://www.rsbac.de/rsbac/rsbac.desc
Download-URL: http://www.rsbac.de/rsbac/download.htm
Homepage-URL: http://www.rsbac.de/rsbac
Manual-URL: http://www.rsbac.de/rsbac/instadm.htm

RSBAC Changes
-------------

1.0.9a:
 - Added group management to ACL module.
 - Removed CONFIG_RSBAC_SYNC option.
 - Added module hints to logging
 - Added RC separation of duty (see models.htm)
 - Added RC force role inherit_up_mixed and made it default setting

1.0.9:
 - Added registration of additional decision modules (REG)
 - Wrote decision module examples (see README-reg and reg_samples dir)
 - Port to 2.2.8, 2.2.9, 2.2.10, 2.2.11, 2.2.12 (pre versions)
 - Heavily changed RC model: Now it has a distinguished role-to-type
   compatibility setting for each request type, instead of one setting
   for all request types. This allows for much finer grained access
   control. Unfortunately there was no way to update existing role
   settings, so those have to be reentered by hand. Still, the types
   entries are kept.
 - Set all MSDOS based file systems to read-only, because inode numbers
   are likely to change between boots.
 - Added Access Control List module. ACLs are kept on FILE, DIR, DEV,
   IPC, SCD and PROCESS targets (IPC and PROCESS have only one default
   ACL each). Each entry contains subject type (user, rc_role, group),
   subject id and the rights this subject has. Also, rights are
   inherited from parents and from a target specific default ACL.
   See html/models.htm for details.
 - Added optional full path logging.
 - Save to disk inconsistency in PM sets fixed.

What is RSBAC?
--------------

RSBAC is mostly a big patch for current Linux kernels. It is based
on the Generalized Framework for Access Control (GFAC) by Abrams and
LaPadula and provides a flexible system of access control based on several
modules.

All security relevant system calls are extended by security
enforcement code. This code calls the central decision component, which
in turn calls all active decision modules and generates a combined decision.
This decision is then enforced by the system call extensions.

Decisions are based on the type of access (request type), the access target
and on the values of attributes attached to the subject calling and to the
target to be accessed. Additional independent attributes can be used by
individual modules, e.g. the privacy module (PM). All attributes are stored
in fully protected directories, one on each mounted device. Thus changes to
attributes require special system calls provided.

As all types of access decisions are based on general decision requests,
many different security policies can be implemented as a decision module. In
the current RSBAC version (1.0.9a), eight modules are included:

MAC: Bell-LaPadula Mandatory Access Control (limited to 64 compartments)

FC: Functional Control. A simple role based model, restricting access
to security information to security officers and access to system
information to administrators.

SIM: Security Information Modification. Only security
administrators are allowed to modify data labeled as security information

PM: Privacy Model. Simone Fischer-Huebner's Privacy Model in its first
implementation. See our paper on PM implementation for the National
Information Systems Security Conference (NISSC 98)

MS: Malware Scan. Scan all files for malware on execution
(optionally on all file read accesses or on all TCP/UDP read accesses),
deny access if infected. Currently the Linux viruses Bliss.A and Bliss.B
and a handful of others are detected.
See our paper on malware detection
and avoidance for The Third Nordic Workshop on Secure IT Systems (Nordsec'98)

FF: File Flags. Provide and use flags for dirs and files,
currently execute_only (files), read_only (files and dirs), search_only
(dirs), secure_delete (files) and add_inherited (files and dirs).
Only security officers may modify these flags.

RC: Role Compatibility. Defines 64 roles and 64 types for each
target type (file, dir, dev, ipc, scd, process). For each role compatibility
to all types and to other roles can be set individually and with request
granularity.

AUTH: Authorization enforcement. Controls all CHANGE_OWNER
requests for process targets, only programs/processes with general setuid
allowance and those with a capability for the target user ID may setuid.
Capabilities are controlled by other programs/processes.

ACL: Access Control Lists. For every object there is an Access Control List,
defining which subjects may access this object with which request types.
Subjects can be of type user, RC role and ACL group. Objects are grouped
by their target type, but have individual ACLs. If there is no ACL entry for a
subject at an object, rights are inherited from parent objects, restricted by
an inheritance mask. Direct (user) and indirect (role, group) rights are
accumulated.
For each object type there is a default ACL on top of the normal hierarchy.
Group management has been added in version 1.0.9a.

The underlying models are described in the module description at RSBAC
homepage (http://www.rsbac.de).

A general goal of RSBAC has been to some day reach (obsolete) Orange Book
(TCSEC) B1 level. Now it is mostly targeting to be useful as secure and
multi-purposed networked system, with special interest in firewalls.

--
## CrossPoint v3.11 ##

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
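
The ACL resolution described in the message above (a subject's own entry, otherwise rights inherited from the parent and restricted by an inheritance mask, a default ACL on top of the hierarchy, user/role/group rights accumulated), as an added example that is not RSBAC code. All struct and function names, the rights bits and the sample hierarchy are constructed, and applying the mask at every inheritance step is an assumption.

```c
#include <stddef.h>
#include <stdint.h>
/* Subject types are from the announcement; all other names are hypothetical. */
enum subj_type { SUBJ_USER, SUBJ_ROLE, SUBJ_GROUP };
enum { R_READ = 1, R_WRITE = 2, R_EXEC = 4 };     /* constructed rights bits */
struct acl_entry { enum subj_type type; int id; uint32_t rights; };
struct subject { enum subj_type type; int id; };
struct object {
    const struct object *parent;    /* NULL at the top of the hierarchy */
    uint32_t inherit_mask;          /* assumed: filters rights taken from parent */
    const struct acl_entry *acl;
    size_t n_acl;
};

/* Own entry wins, else masked parent rights; o == NULL is the default ACL. */
static uint32_t subject_rights(const struct object *o, struct subject s,
                               const struct acl_entry *def, size_t n_def)
{
    const struct acl_entry *acl = o ? o->acl : def;
    size_t n = o ? o->n_acl : n_def;
    for (size_t i = 0; i < n; i++)
        if (acl[i].type == s.type && acl[i].id == s.id)
            return acl[i].rights;
    if (!o)
        return 0;                   /* no entry anywhere: no rights */
    return subject_rights(o->parent, s, def, n_def) & o->inherit_mask;
}

/* Direct (user) and indirect (role, group) rights are accumulated. */
uint32_t effective_rights(const struct object *o, const struct subject *ids,
                          size_t n_ids, const struct acl_entry *def, size_t n_def)
{
    uint32_t r = 0;
    for (size_t i = 0; i < n_ids; i++)
        r |= subject_rights(o, ids[i], def, n_def);
    return r;
}

/* Constructed sample: / -> /etc -> /etc/passwd, plus a default ACL. */
static const struct acl_entry def_acl[] = { { SUBJ_GROUP, 0, R_READ } };
static const struct acl_entry root_acl[] = { { SUBJ_USER, 1000, R_READ | R_WRITE } };
static const struct acl_entry pw_acl[] = { { SUBJ_ROLE, 2, R_WRITE } };
static const struct object root = { NULL, 7, root_acl, 1 };
static const struct object etc = { &root, R_READ | R_EXEC, NULL, 0 };
static const struct object passwd = { &etc, 7, pw_acl, 1 };
int main(void)
{
    struct subject who[] = { { SUBJ_USER, 1000 }, { SUBJ_ROLE, 2 }, { SUBJ_GROUP, 0 } };
    return effective_rights(&passwd, who, 3, def_acl, 1) == (R_READ | R_WRITE) ? 0 : 1;
}
```

Compiled stand-alone, the program exits 0 when user 1000 acting in role 2 and group 0 ends up with read and write on the constructed /etc/passwd: the user's write right from / is filtered out by the mask on /etc, and write comes back only through the role's own entry on the file.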