RSBAC v1.0.6 for 2.1.128


From: ao@morpork.shnet.org (A. Ott)
Subject: RSBAC v1.0.6 for 2.1.128
Date: 19 Nov 1998 16:38:00 +0100

Next Article (by Author): Coda/AFS/DFS and NFS ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): rm -r hang patch ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Hi!

The new RSBAC version 1.0.6 for kernel 2.1.128 is out to be tested.
It can be downloaded as usual from
http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac
ftp://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac
(people dir not visible in ftp listing!)
and via RSBAC mailing list at majordomo@morpork.shnet.org.

Amon Ott.

-----------------------------

What is RSBAC?
--------------
RSBAC is mostly a big patch for current Linux kernels. It is based
on the Generalized Framework for Access Control (GFAC) by Abrams and
LaPadula and provides a flexible system of access control based on
several modules.

All security relevant system calls are extended by security
enforcement code. This code calls the central decision component,
which in turn calls all active decision modules and generates a
combined decision. This decision is then enforced by the system call  
extensions.

Decisions are based on the type of access (request type), the access
target and on the values of attributes attached to the subject calling
and to the target to be accessed. Additional independent attributes
can be used by individual modules, e.g. the privacy module (PM). All  
attributes are stored in fully protected directories, one on each
mounted device. Thus changes to attributes require special system
calls provided.

As all types of access decisions are based on general decision
requests, many different security policies can be implemented as a  
decision module. In the current RSBAC version (1.0.6), seven modules
are included:

MAC: Bell-LaPadula Mandatory Access Control (compartements not yet
implemented)

CWI: Clark-Wilson-Integrity (only basics implemented, not working)

FC: Functional Control. A simple role based model, restricting access
to security information to security officers and access to system
information to administrators.

SIM: Security Information Modification. Only security administrators
are allowed to modify data labeled as security information

PM: Privacy Model. Simone Fischer-Huebner's Privacy Model in its
first implementation. See our paper on PM implementation for the
National Information Systems Security Conference (NISSC 98)

MS: Malware Scan. Scan all files for malware on execution
(optionally on all file read accesses or on all TCP/UDP read
accesses), deny access if infected. Currently the Linux viruses
Bliss.A and Bliss.B and a handfull of others are detected. See our
paper on malware detection and avoidance for The Third Nordic
Workshop on Secure IT Systems (Nordsec'98)

FF: File Flags. Provide and use flags for dirs and files, currently
execute_only (files), read_only (files and dirs) and search_only
(dirs). Only security officers may modify these flags.

A general goal of RSBAC is to some day reach Orange Bool (TCSEC) B1
level. For this many special problems have been and will have to be  
addressed.


RSBAC Changes in this version
-----------------------------
1.0.6: - Moved to 2.1.128
       - Cleaned up old includes in syscalls.c
       - Added RSBAC own logging in /proc/rsbac-info/rmsg, to be
         accessed by modified klogd or sys_rsbac_log, restricted by
         most modules to security officers.
         Additionally, logging to standard syslog can be turned off
         to hide security relevant log from all but those with
         explicit access.
       - Added module File Flags with attribute ff_flags for FILE/DIR
         targets
       - Added auto-update of last version attributes (only FD
         changed though)
       - Changed ms_trusted from boolean to tristate: non-trusted,
         read, full
       - Fixed rm -r hang bug
       - Added consistency check for RSBAC items, which can remove
         items for deleted inodes (ext2 only) and entries containing
         only default values (FILE/DIR targets only). It also
         recalculates item counts.
       - Added sys_rsbac_check to trigger this check.


How it will go on
-----------------
Who knows?-) But there are a few things planned for the future:

- Improve documentation - there are man pages, concept and detail
  descriptions, how-tos, examples and
  other stuff missing (volunteers?)
- Add Access Control Lists (ACL) module, based on users and request
  types (likely for 1.0.7)
- Add attribute inheritance for files, dirs and users (using groups)
  (also likely for 1.0.7, but needs many internal changes)
- Move user and password management into kernel structures, providing
  a combined login-setuid system call and an administration call
- Provide library patches and changes to checkpasswd (for qmail etc.)
  to use it
- Care for object reuse problem
- Include more scan strings into the Malware Scan module
- (Maybe) Join RSBAC with Pretty Secure Linux
- (Some day) With or without PSL: Meet B1 security requirements.


--
Please remove second ao for E-Mail reply - no spam please!

-
To unsubscribe ao@morpork.shnet.org (A. Ott) from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): Coda/AFS/DFS and NFS ao@morpork.shnet.org (A. Ott)
Previous Article (by Author): rm -r hang patch ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.