1.4. Alternatives for RSBAC

Much work has recently been done to enhance security on the kernel level of Open Source operating systems. For example TrustedBSD (which is a project that aims at adding security extensions to the FreeBSD kernel), LOMAC extensions for Linux (http://freshmeat.net/projects/lomac), POSIX.1e ACL's (http://acl.betbits.at/)) and the aforementioned Linux Capabilities.

For some time the American NSA (National Security Agency) has been working on SELinux - which is an addition to the Linux operating system that strongly resembles the RSBAC extensions for Linux. However it is based on a different theoretical framework. Still, SELinux is similar with RSBAC in many ways. Check out http://www.nsa.gov/selinux/faq.html for additional information.

Those of you who want to dig into the differences of these two systems may want to read a discussion between Amon Ott en Stephen Smalley (SELinux). Check out the thread that starts on http://www.nsa.gov/selinux/list-archive/0344.html or http://www.rsbac.org/oldarchives/rsbac.2001/date/article-248.html .

SELinux has been offered tot the Open Source community as a prototype on 1.1.2000. RSBAC already had a positive track-record since 1996. Both solutions stem from (academic) research, both of them are fully Open Source. The similiarities will undoubtetly lead to mutual adaptation of algorithms and code. It is my fondest desire that both systems will gain from each other. For now, my humble opinion is that RSBAC still holds the advantage over SELinux: it sustains a high quality and stability and has been around for many years. It's famous for its modularity and extensibility which has lead to the availability of security models that no other system can offer, for example the Privacy Model.