From: ao@morpork.shnet.org (A. Ott)
Subject: RSBAC v1.0.6 for 2.1.128
Date: 19 Nov 1998 16:38:00 +0100
Next Article (by Subject): Re: RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Subject): RSBAC status ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]
Hi! The new RSBAC version 1.0.6 for kernel 2.1.128 is out to be tested. It can be downloaded as usual from http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac ftp://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac (people dir not visible in ftp listing!) and via RSBAC mailing list at majordomo@morpork.shnet.org. Amon Ott. ----------------------------- What is RSBAC? -------------- RSBAC is mostly a big patch for current Linux kernels. It is based on the Generalized Framework for Access Control (GFAC) by Abrams and LaPadula and provides a flexible system of access control based on several modules. All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules and generates a combined decision. This decision is then enforced by the system call extensions. Decisions are based on the type of access (request type), the access target and on the values of attributes attached to the subject calling and to the target to be accessed. Additional independent attributes can be used by individual modules, e.g. the privacy module (PM). All attributes are stored in fully protected directories, one on each mounted device. Thus changes to attributes require special system calls provided. As all types of access decisions are based on general decision requests, many different security policies can be implemented as a decision module. In the current RSBAC version (1.0.6), seven modules are included: MAC: Bell-LaPadula Mandatory Access Control (compartements not yet implemented) CWI: Clark-Wilson-Integrity (only basics implemented, not working) FC: Functional Control. A simple role based model, restricting access to security information to security officers and access to system information to administrators. SIM: Security Information Modification. Only security administrators are allowed to modify data labeled as security information PM: Privacy Model. Simone Fischer-Huebner's Privacy Model in its first implementation. See our paper on PM implementation for the National Information Systems Security Conference (NISSC 98) MS: Malware Scan. Scan all files for malware on execution (optionally on all file read accesses or on all TCP/UDP read accesses), deny access if infected. Currently the Linux viruses Bliss.A and Bliss.B and a handfull of others are detected. See our paper on malware detection and avoidance for The Third Nordic Workshop on Secure IT Systems (Nordsec'98) FF: File Flags. Provide and use flags for dirs and files, currently execute_only (files), read_only (files and dirs) and search_only (dirs). Only security officers may modify these flags. A general goal of RSBAC is to some day reach Orange Bool (TCSEC) B1 level. For this many special problems have been and will have to be addressed. RSBAC Changes in this version ----------------------------- 1.0.6: - Moved to 2.1.128 - Cleaned up old includes in syscalls.c - Added RSBAC own logging in /proc/rsbac-info/rmsg, to be accessed by modified klogd or sys_rsbac_log, restricted by most modules to security officers. Additionally, logging to standard syslog can be turned off to hide security relevant log from all but those with explicit access. - Added module File Flags with attribute ff_flags for FILE/DIR targets - Added auto-update of last version attributes (only FD changed though) - Changed ms_trusted from boolean to tristate: non-trusted, read, full - Fixed rm -r hang bug - Added consistency check for RSBAC items, which can remove items for deleted inodes (ext2 only) and entries containing only default values (FILE/DIR targets only). It also recalculates item counts. - Added sys_rsbac_check to trigger this check. How it will go on ----------------- Who knows?-) But there are a few things planned for the future: - Improve documentation - there are man pages, concept and detail descriptions, how-tos, examples and other stuff missing (volunteers?) - Add Access Control Lists (ACL) module, based on users and request types (likely for 1.0.7) - Add attribute inheritance for files, dirs and users (using groups) (also likely for 1.0.7, but needs many internal changes) - Move user and password management into kernel structures, providing a combined login-setuid system call and an administration call - Provide library patches and changes to checkpasswd (for qmail etc.) to use it - Care for object reuse problem - Include more scan strings into the Malware Scan module - (Maybe) Join RSBAC with Pretty Secure Linux - (Some day) With or without PSL: Meet B1 security requirements. --· Please remove second ao for E-Mail reply - no spam please! - To unsubscribe ao@morpork.shnet.org (A. Ott) from the rsbac list, send a mail to majordomo@morpork.shnet.org with unsubscribe rsbac as single line in the body.
Next Article (by Subject): Re: RSBAC ao@morpork.shnet.org (A. Ott)
Previous Article (by Subject): RSBAC status ao@morpork.shnet.org (A. Ott)
Articles sorted by: [Date]
[Author]
[Subject]