Announce: RSBAC v1.1.2 released

From: Amon Ott <>
Subject: Announce: RSBAC v1.1.2 released
Date: Mon, 3 Sep 2001 09:44:14 +0200

Next Article (by Author): rsbac-v1.2.0-pre1 uploaded Amon Ott
Previous Article (by Author): Re: Future: RSBAC and Unix sockets Amon Ott
Articles sorted by: [Date] [Author] [Subject]


Rule Set Based Access Control (RSBAC) version 1.1.2 has been released.
Information and downloads are available from

Amon Ott.


Name:          rsbac
Version:       1.1.2
Kernelver:     2.2.19, 2.4.8-9
Status:        9 (UP), 8 (SMP)
Author:        Amon Ott <>
Maintainer:    Amon Ott <>
Description:   Rule Set Based Access Control (RSBAC)
Date:          27-August-2001

What is RSBAC?
Key features:
  <li>Open Source (GPL) Linux kernel security extension</li>
  <li>Several well-known and new security models, e.g. MAC, ACL and RC</li>
  <li>Any combination of models possible</li>
  <li>Easily extensible: write your own model for runtime registration</li>
  <li>Support for current kernels</li>
  <li>Stable for production use</li>

RSBAC is a flexible, powerful and fast open source access control framework
for current Linux kernels, which has been in stable production use for over
a year (since version 1.0.9a).

The standard package includes a range of access control models like MAC, RC,
ACL (see below). Furthermore, the runtime registration facility (REG) makes
it easy to implement your own access control model as a kernel module and
get it registered at runtime.

The RSBAC framework is based on the Generalized Framework for Access Control
(GFAC) by Abrams and LaPadula. All security relevant system calls are
extended by security enforcement code. This code calls the central decision
component, which in turn calls all active decision modules and generates a
combined decision. This decision is then enforced by the system call

Decisions are based on the type of access (request type), the access target
and on the values of attributes attached to the subject calling and to the
target to be accessed. Additional independent attributes can be used by
individual modules, e.g. the privacy module (PM). All attributes are stored
in fully protected directories, one on each mounted device. Thus changes to
attributes require special system calls provided.

As all types of access decisions are based on general decision requests,
many different security policies can be implemented as a decision module.
Apart from the builtin models shown below, the optional Module Registration
(REG) allows for registration of additional, individual decision modules at

In the RSBAC version 1.1.2, the following modules are included. Please note
that all modules are optional. They are described in detail in an extra

MAC:  Bell-LaPadula Mandatory Access Control (compartments limited to a number
      of 64)

FC:   Functional Control. A simple role based model, restricting access to
      security information to security officers and access to system
      information to administrators.

SIM:  Security Information Modification. Only security administrators are
      allowed to modify data labeled as security information

PM:   Privacy Model. Simone Fischer-Hübner's Privacy Model in its first
      implementation. See our paper on PM implementation (43K) for the
      National Information Systems Security Conference (NISSC 98)

MS:   Malware Scan. Scan all files for malware on execution (optionally on all
      file read accesses or on all TCP/UDP read accesses), deny access if
      infected. Currently the Linux viruses Bliss.A and Bliss.B and a handfull
      of others are detected. See our paper on Approaches to Integrated
      Malware Detection and Avoidance (34K) for The Third Nordic Workshop on
      Secure IT Systems (Nordsec'98)

FF:   File Flags. Provide and use flags for dirs and files, currently
      execute_only (files), read_only (files and dirs), search_only (dirs),
      secure_delete (files), no_execute (files), add_inherited (files and dirs)
      and no_rename_or_delete(files and dirs, no inheritance). Only security
      officers may modify these flags.

RC:   Role Compatibility. Defines 64 roles and 64 types for each target type
      (file, dir, dev, ipc, scd, process). For each role, compatibility to all
      types and to other roles can be set individually and with request
      granularity. For administration there is a fine grained

AUTH: Authorization enforcement. Controls all CHANGE_OWNER requests for
      process targets, only programs/processes with general setuid allowance
      and those with a capability for the target user ID may setuid.
      Capabilities can be controlled by other programs/processes, e.g.
      authentication daemons.

ACL:  Access Control Lists. For every object there is an Access Control List,
      defining which subjects may access this object with which request types.
      Subjects can be of type user, RC role and ACL group. Objects are grouped
      by their target type, but have individual ACLs. If there is no ACL entry
      for a subject at an object, rights are inherited from parent objects,
      restricted by an inheritance mask. Direct (user) and indirect (role,
      group) rights are accumulated. For each object type there is a default
      ACL on top of the normal hierarchy. Group management has been added in
      version 1.0.9a.

A general goal of RSBAC design has been to some day reach (obsolete) Orange
Book (TCSEC) B1 level. Now it is mostly targeting to be useful as secure and
multi-purposed networked system, with special interest in firewalls.

RSBAC Changes
1.1.2: - Own RSBAC memory allocation functions. Own RSBAC mem slabs in 2.4
       - Generic lists - simply register your list item sizes with filename
         and persist flag, and a persistent list will be kept for you.
       - Generic lists of lists, two level version.
       - Moved pm_data_structures.c to new lists with proc backup files
         Attention: There is no auto-update from older versions possible!
       - proc backup files for RC and ACL are now optional
       - New proc subdir pm, replaces old write_list call
       - rsbac_pm write_list call removed
       - New FD aci version with new rc_initial_role and 16 bit ff_flags
       - New FF flag append_only, which limits all write accesses to
         APPEND_OPEN and WRITE
       - Fix for rename hole: rename could replace and thus delete an
         existing file without DELETE check. Also performs secure_delete, if
       - New rsbac_mount hook in change_root for initial ramdisk
       - Fixed missing Linux check in bad_signal
       - Added optional switch rsbac_dac_disable to disable Linux filesystem
         access control
       - Added count support for multiple mounts
       - Added optional switch rsbac_nosyslog to temporarily disable logging
         to syslog
       - Added config option for DEBUG code

Amon Ott <>
To unsubscribe from the rsbac list, send a mail to with
unsubscribe rsbac
as single line in the body.

Next Article (by Author): rsbac-v1.2.0-pre1 uploaded Amon Ott
Previous Article (by Author): Re: Future: RSBAC and Unix sockets Amon Ott
Articles sorted by: [Date] [Author] [Subject]

Go to Compuniverse LWGate Home Page.