The RSBAC project started as its author's master thesis in November 1996 at Hamburg University. In the spirit of academic and Open Source principles it bases on earlier work of various researchers, amongst them Abrams and LaPadula [1]. Abrams et al designed a generic framework for access control (GFAC - Generalized Framework for Access Control) which Amon Ott adapted for Linux. All source code has been written independently. No companies or governments have steered or influenced its creation. All of its sourcecode has been published under the terms and conditions of the GPL.
On a running Unix (Linux) system programs/processes are not able to bypass the kernel if they want to use system resources like disks, io-ports and memory. Hence the only way to enforce security policies has been (and needs to be) within the kernel code. That reasoning lead to the rise of a number of security extension on the standard Linux kernel, amongst whom RSBAC takes a special place. RSBAC offers a sound framework that bases on a generic and generally well accepted theoretical model. It allows the inclusion of modules that implement one or more security enforcement models.
The RSBAC environment uses an object oriented model, derived from the generic GFAC model. The GFAC model allows definition of the functionality of security related software on the abstract level. With other words: the GFAC model can be used for all operating systems. It defines an abstract view, for example: "a subject can issue a request to an object which will be denied or granted", or "within this model there needs to be a component that decides and another one that enforces that decision".
RSBAC is a GFAC implementation for Unix. It honours the GFAC model but is more specific: "the subject (proces) that loads the program /a/b/c/ is not allowed to send a request of type READ_WRITE_OPEN to the FILE object '/tmp/a" or "the component that enforces the decision is named AEF, the component that decides will be know as the ADF and both will be implemented as part of the kernel code".
On an even less abstract level (RSBAC for Linux) this translates into code that implements "if
a process that loaded the program /a/b/c tries to execute the system call open('tmp/a',
O_RDWR)
this will be denied." and "the AEF is implemented as a series of
patches for the kernel".
[1] | La Padula, L. J., Rule Set Modeling of a Trusted Computer System, Essay, in: Information Security: An Integrated Collection of Essays, Hrsg.: Abrams, M. D., Jajodia, S., Podell, H. J., IEEE Computer Society Press, 1995 (also available on the Internet, see http://www.acsac.org/secshelf/09.pdf). |