> In my Diplomarbeit (master thesis) I implemented a rather new way of
> access control system into the linux kernel, following the Generalized
> Framework for Access Control. The system devides access control in
> enforcement, done in the system calls, and decision, done in separate
> modules, one for each implemented security model.ˇ
> [...]
> Further information and the package can be found at the RSBAC homepage:ˇ
> http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbacˇ
Version 1.0.2 is available now.
Changes:
- On some machines, the kernel crashed after some time under heavy load
(not sure why, maybe semaphore deadlock). Changed RSBAC process owner
management, no more crashes detected.
- As a new security module an on-access Malware Scanner has been added. It
currently detects linux viruses bliss.A and bliss.B and denies execute
(optionally also read-open and read-write-open) of infected files for all
programs/processes, unless marked as trusted (useful for user level
scanners etc.).
- Some minor bugs fixed
To be done:
- Malware detection by a real, sophisticated scanner, maybe in user space
- Finishing Clark-Wilson module
- Adding categories to Mandatory Access Control / Bell/La Padula module
- Menu based administration for privacy module
All help is appreciated!
Is anyone interested in another type of security model/module being added?
Amon.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu