RSBAC
RSBAC is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a).
Features
- Free open source (GPL) Linux kernel security extension.
- Independent of governments and big companies.
- Several well-known and new security models, e.g. MAC, ACL and RC.
- On-access virus scanning with Dazuko interface.
- Detailed control over individual user and program network accesses.
- Fully access controlled kernel level user management.
- Any combination of security models possible.
- Easily extensible: write your own model for runtime registration.
- Support for latest kernels.
- Stable for production use.
- Very easily portable to other operating systems.
RSBAC
The RSBAC system architecture has been derived and extended from the Generalized Framework for Access Control (GFAC) by Marshall Abrams and Leonard La Padula. RSBAC means RuleSet Based Access Control, and is also an RBAC (Role Based Access Control) solution; the two acronyms may sometimes cause confusion.
In his essay Rule Set Modeling of a Trusted Computer System, Leonard LaPadula describes how the Generalized Framework for Access Control (GFAC) approach could be implemented in the Unix System V operating system. He introduced the clear separation between Access Enforcement Facility (AEF), Access Decision Facility (ADF) with Access Control Rules (ACR) and Access Control Information (ACI).
The AEF as part of the system call function calls the ADF, which uses ACI and the rules to return a decision and a set of new ACI attribute values. The decision is then enforced by the AEF, which also sets the new attribute values and, in case of allowed access, provides object access to the subject.
This structure requires all security relevant system calls to be extended by AEF interception, and it needs a well defined interface between AEF and ADF. For better modeling, a set of request types was used, in which all system call functionalities were to be expressed. The general structure of the GFAC has also been included in the ISO standard 10181-3 Security frameworks for open systems: Access control framework and into the OpenGroup standard Authorization (AZN) API.
The first RSBAC prototype followed La Padula’s suggestions and implemented some access control policies briefly described there, namely MAC, FC and SIM, as well as the Privacy Model by Simone Fischer-Hübner.
Many aspects of the system have changed a lot since then, e.g. the current framework supports more object types, includes generic list management and network access control, contains several additional security models and supports runtime registration of decision modules and system calls for their administration.
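A minimal user-space C model of the AEF/ADF/ACI split described above, added here as an illustration. It is not RSBAC code: every identifier, the two toy rules and the "any denial wins" combination of modules are assumptions of this example.

```c
#include <stddef.h>
/* All names are hypothetical: a model of the GFAC split, not RSBAC's interfaces. */
enum request  { R_READ, R_WRITE };
enum decision { GRANTED, NOT_GRANTED, DO_NOT_CARE };
/* ACI: the attributes the rules decide on (constructed for this example). */
struct aci { int subj_clearance, subj_current, obj_level, obj_readonly; };
/* A decision module reads ACI and may propose new attribute values. */
typedef enum decision (*adf_module)(enum request, const struct aci *, struct aci *);

#define MAX_MODULES 4
static adf_module modules[MAX_MODULES];
static size_t n_modules;

/* Runtime registration of a decision module; -1 when the table is full. */
int adf_register(adf_module m) {
    return n_modules < MAX_MODULES ? (modules[n_modules++] = m, 0) : -1;
}

/* Toy level-based rule: a granted read raises the subject's current level. */
enum decision mod_levels(enum request r, const struct aci *a, struct aci *next) {
    if (r == R_READ) {
        if (a->subj_clearance < a->obj_level) return NOT_GRANTED;
        if (next->subj_current < a->obj_level) next->subj_current = a->obj_level;
        return GRANTED;
    }
    return a->subj_current <= a->obj_level ? GRANTED : NOT_GRANTED;
}

/* Toy rule that only has an opinion about writes to read-only objects. */
enum decision mod_readonly(enum request r, const struct aci *a, struct aci *next) {
    (void)next;
    return (r == R_WRITE && a->obj_readonly) ? NOT_GRANTED : DO_NOT_CARE;
}

/* ADF: ask every module; any NOT_GRANTED wins (assumed combination rule). */
enum decision adf_decide(enum request r, const struct aci *a, struct aci *next) {
    *next = *a;
    for (size_t i = 0; i < n_modules; i++)
        if (modules[i](r, a, next) == NOT_GRANTED) return NOT_GRANTED;
    return GRANTED;
}

/* AEF: the interception point; enforces the decision and commits new ACI. */
int aef_access(enum request r, struct aci *a) {
    struct aci next;
    if (adf_decide(r, a, &next) != GRANTED) return -1;
    *a = next;
    return 0;
}
```

The new attribute values are committed only on a granted request, so a denied access leaves the ACI unchanged.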
RSBAC and other solutions
RSBAC is very close to SELinux functionality-wise, as they share a lot more in their design than other access controls such as AppArmor. However, RSBAC brings its own hooking code instead of relying on LSM, the Linux Security Module.
Due to this, RSBAC is technically a replacement for LSM itself, and implements modules that are similar to SELinux, but with additional functionality.
The RSBAC framework incorporates complete object status and has full knowledge of the kernel state when making decisions, making it more flexible and reliable. However, this comes at the cost of slightly higher overhead in the framework itself. While SELinux-enabled and RSBAC-enabled systems have a similar performance impact, the performance impact of LSM alone is negligible compared to that of the RSBAC framework alone.
For this reason, LSM has been selected as the default and only security hooking mechanism in the Linux kernel, with RSBAC available as a separate patch only.
See also
- PaX
- Security-Enhanced Linux
- grsecurity
- Mandatory access control
- Computer security