RSBAC 1.0.5 for 2.1.125 is out and can be downloaded from RSBAC
homepage at
http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac
and received per mail via majordomo RSBAC mailing list archive at
majordomo@morpork.shnet.org.
Send
subscribe rsbac
in the body of a mail to majordomo to join the list, or
index rsbac
to get the file list. Files will be sent uuencoded.
(Use help to get help on majordomo mailing lists).
WHAT IS RSBAC?
RSBAC is mostly a big patch for current Linux kernels. It is based
on the Generalized Framework for Access Control (GFAC) by Abrams and
LaPadula and provides a flexible system of access control based on
several modules.
All security relevant system calls are extended by security
enforcement code. This code calls the central decision component,
which in turn calls all active decision modules and generates a
combined decision. This decision is then enforced by the system call
extensions.
Decisions are based on the type of access (request type), the access
target and on the values of attributes attached to the subject calling
and to the target to be accessed. Additional independent attributes
can be used by individual modules, e.g. the privacy module (PM). All
attributes are stored in fully protected directories, one on each
mounted device. Thus changes to attributes require special system calls
provided.
As all types of access decisions are based on general decision requests,
many different security policies can be implemented as a decision
module. In the current RSBAC version (1.0.3), six modules are included:
MAC: Bell-LaPadula Mandatory Access Control (compartements not yet
implemented)
CWI: Clark-Wilson-Integrity (only basics implemented)
FC: Functional Control. A simple role based model, restricting access
to security information to security officers and access to system
information to administrators.
SIM: Security Information Modification. Only security
administrators are allowed to modify data labeled as security
information
PM: Privacy Model. Simone Fischer-Hübner's Privacy Model in its first
implementation.
MS: Malware Scan. Scan all files for malware on execution
(optionally on all read accesses), deny access if infected.
Currently the Linux viruses Bliss.A and Bliss.B and a handfull of
others are detected.
A general goal of RSBAC is to some day reach Orange Bool (TCSEC) B1
level. For this many special problems have been and will have to be
addressed.
RSBAC Changes in recent versions
--------------------------------
1.0.4:
- Port via 2.1.115 and 2.1.124 to 2.1.125
- IPC targets: changed ids for sockets from pid/fd combination
to pointer to sock structure, including (many) changes in the
handling.
- Added socket level scanning (tcp and udp) to module Malware Scan.
This feature can stop malware while still being transferred to
your system. Added new attributes for IPC, process and file/dir
targets to manage socket scan.
- Reordered configuration options
- Added CONFIG_RSBAC_NO_WRITE to totally disable writing to disk
for testing purposes and kernel parameter rsbac_debug_no_write
to temporarily disable disk writing
- Added CONFIG_RSBAC_*_ROLE_PROTection for all role dependant
modules: Now change-owner (setuid etc.) can be restricted
between users with special roles - see configuration help for
details
- Some more bugfixes, mostly to decision modules
1.0.5:
- Rewrote most of attribute saving to disk. Now disk writing is
never done with a spinlock held, increasing stability
significantly
(is this a taboo? if yes, where is it documented?)
- Changed write-to-disk behaviour: The old immediate write is no
longer default, but optional (CONFIG_RSBAC_SYNC_WRITE). Instead,
sys_rsbac_write can be used from user space or a kernel daemon
can be activated to write changes automatically every n seconds
(CONFIG_RSBAC_AUTO_WRITE)
- Added kernel param rsbac_debug_auto for the daemon - gives a
good overview of attribute change rate
- Added proc interface for statistics and many RSBAC settings
- Added rsbac_adf_request calls MODIFY_SYSTEM_DATA to sysctl.c
- Wrote man pages for all RSBAC syscalls
(in Documentation/rsbac/man)
- Added version information and check for all file/dir/dev aci
and for log_levels
- Added some more scan strings to Malware Scan module, had to
change string representation to a more general way
26/10/98
Amon Ott.
--- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/