RSBAC 1.0.5 and mailing list


From: ao@morpork.shnet.org (A. Ott)
Subject: RSBAC 1.0.5 and mailing list
Date: 27 Oct 1998 11:31:00 +0200

Next Article (by Date): Problems with 1.0.5 ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Hello to you all! :)

RSBAC 1.0.5 for 2.1.125 is out and can be downloaded from RSBAC
homepage at
http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac
and received per mail via majordomo RSBAC mailing list archive at
majordomo@morpork.shnet.org.

Send
subscribe rsbac
in the body of a mail to majordomo to join the list, or
index rsbac
to get the file list. Files will be sent uuencoded.
(Use help to get help on majordomo mailing lists).


WHAT IS RSBAC?

RSBAC is mostly a big patch for current Linux kernels. It is based
on the Generalized Framework for Access Control (GFAC) by Abrams and
LaPadula and provides a flexible system of access control based on
several modules.

All security relevant system calls are extended by security
enforcement code. This code calls the central decision component,
which in turn calls all active decision modules and generates a
combined decision. This decision is then enforced by the system call  
extensions.

Decisions are based on the type of access (request type), the access
target and on the values of attributes attached to the subject calling
and to the target to be accessed. Additional independent attributes
can be used by individual modules, e.g. the privacy module (PM). All  
attributes are stored in fully protected directories, one on each
mounted device. Thus changes to attributes require special system calls  
provided.

As all types of access decisions are based on general decision requests,
many different security policies can be implemented as a decision
module. In the current RSBAC version (1.0.3), six modules are included:

MAC: Bell-LaPadula Mandatory Access Control (compartements not yet
implemented)
CWI: Clark-Wilson-Integrity (only basics implemented)
FC:  Functional Control. A simple role based model, restricting access
     to security information to security officers and access to system
     information to administrators.
SIM: Security Information Modification. Only security
     administrators are allowed to modify data labeled as security
     information
PM:  Privacy Model. Simone Fischer-Huebner's Privacy Model in its first
     implementation.
MS:  Malware Scan. Scan all files for malware on execution
     (optionally on all read accesses), deny access if infected.
     Currently the Linux viruses Bliss.A and Bliss.B and a handfull of
     others are detected.

A general goal of RSBAC is to some day reach Orange Bool (TCSEC) B1
level. For this many special problems have been and will have to be  
addressed.


RSBAC Changes in recent versions
--------------------------------

1.0.4:
       - Port via 2.1.115 and 2.1.124 to 2.1.125
       - IPC targets: changed ids for sockets from pid/fd combination
         to pointer to sock structure, including (many) changes in the
         handling.
       - Added socket level scanning (tcp and udp) to module Malware Scan.
         This feature can stop malware while still being transferred to
         your system. Added new attributes for IPC, process and file/dir
         targets to manage socket scan.
       - Reordered configuration options
       - Added CONFIG_RSBAC_NO_WRITE to totally disable writing to disk
         for testing purposes and kernel parameter rsbac_debug_no_write
         to temporarily disable disk writing
       - Added CONFIG_RSBAC_*_ROLE_PROTection for all role dependant
         modules: Now change-owner (setuid etc.) can be restricted
         between users with special roles - see configuration help for
         details
       - Some more bugfixes, mostly to decision modules

1.0.5:
       - Rewrote most of attribute saving to disk. Now disk writing is
         never done with a spinlock held, increasing stability
         significantly
         (is this a taboo? if yes, where is it documented?)
       - Changed write-to-disk behaviour: The old immediate write is no
         longer default, but optional (CONFIG_RSBAC_SYNC_WRITE). Instead,
         sys_rsbac_write can be used from user space or a kernel daemon
         can be activated to write changes automatically every n seconds
         (CONFIG_RSBAC_AUTO_WRITE)
       - Added kernel param rsbac_debug_auto for the daemon - gives a
         good overview of attribute change rate
       - Added proc interface for statistics and many RSBAC settings
       - Added rsbac_adf_request calls MODIFY_SYSTEM_DATA to sysctl.c
       - Wrote man pages for all RSBAC syscalls
         (in Documentation/rsbac/man)
       - Added version information and check for all file/dir/dev aci
         and for log_levels
       - Added some more scan strings to Malware Scan module, had to
         change string representation to a more general way

26/10/98
Amon Ott.

--

-
To unsubscribe ao@morpork.shnet.org (A. Ott) from the rsbac list, send a mail to
majordomo@morpork.shnet.org with
unsubscribe rsbac
as single line in the body.

Next Article (by Date): Problems with 1.0.5 ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date] [Author] [Subject]


Go to Compuniverse LWGate Home Page.