RSBAC v1.0.6 for 2.1.128

A. Ott (ao@ao.morpork.shnet.org)
19 Nov 1998 16:38:00 +0100


Hi!

The new RSBAC version 1.0.6 for kernel 2.1.128 is out to be tested.
It can be downloaded as usual from
http://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac
ftp://agn-www.informatik.uni-hamburg.de/people/1ott/rsbac
(people dir not visible in ftp listing!)
and via RSBAC mailing list at majordomo@morpork.shnet.org.

Amon Ott.

-----------------------------

What is RSBAC?
--------------
RSBAC is mostly a big patch for current Linux kernels. It is based
on the Generalized Framework for Access Control (GFAC) by Abrams and
LaPadula and provides a flexible system of access control based on
several modules.

All security relevant system calls are extended by security
enforcement code. This code calls the central decision component,
which in turn calls all active decision modules and generates a
combined decision. This decision is then enforced by the system call
extensions.

Decisions are based on the type of access (request type), the access
target and on the values of attributes attached to the subject calling
and to the target to be accessed. Additional independent attributes
can be used by individual modules, e.g. the privacy module (PM). All
attributes are stored in fully protected directories, one on each
mounted device. Thus changes to attributes require special system
calls provided.

As all types of access decisions are based on general decision
requests, many different security policies can be implemented as a
decision module. In the current RSBAC version (1.0.6), seven modules
are included:

MAC: Bell-LaPadula Mandatory Access Control (compartments not yet
implemented)

CWI: Clark-Wilson-Integrity (only basics implemented, not working)

FC: Functional Control. A simple role based model, restricting access
to security information to security officers and access to system
information to administrators.

SIM: Security Information Modification. Only security administrators
are allowed to modify data labeled as security information.

PM: Privacy Model. Simone Fischer-Huebner's Privacy Model in its
first implementation. See our paper on PM implementation for the
National Information Systems Security Conference (NISSC 98)

MS: Malware Scan. Scan all files for malware on execution
(optionally on all file read accesses or on all TCP/UDP read
accesses), deny access if infected. Currently the Linux viruses
Bliss.A and Bliss.B and a handful of others are detected. See our
paper on malware detection and avoidance for The Third Nordic
Workshop on Secure IT Systems (Nordsec'98)

FF: File Flags. Provide and use flags for dirs and files, currently
execute_only (files), read_only (files and dirs) and search_only
(dirs). Only security officers may modify these flags.

A general goal of RSBAC is to some day reach Orange Book (TCSEC) B1
level. For this many special problems have been and will have to be
addressed.

RSBAC Changes in this version
-----------------------------
1.0.6: - Moved to 2.1.128
       - Cleaned up old includes in syscalls.c
       - Added RSBAC own logging in /proc/rsbac-info/rmsg, to be
         accessed by modified klogd or sys_rsbac_log, restricted by
         most modules to security officers.
         Additionally, logging to standard syslog can be turned off
         to hide security relevant log from all but those with
         explicit access.
       - Added module File Flags with attribute ff_flags for FILE/DIR
         targets
       - Added auto-update of last version attributes (only FD
         changed though)
       - Changed ms_trusted from boolean to tristate: non-trusted,
         read, full
       - Fixed rm -r hang bug
       - Added consistency check for RSBAC items, which can remove
         items for deleted inodes (ext2 only) and entries containing
         only default values (FILE/DIR targets only). It also
         recalculates item counts.
       - Added sys_rsbac_check to trigger this check.

How it will go on
-----------------
Who knows?-) But there are a few things planned for the future:

- Improve documentation - there are man pages, concept and detail
  descriptions, how-tos, examples and other stuff missing
  (volunteers?)
- Add Access Control Lists (ACL) module, based on users and request
types (likely for 1.0.7)
- Add attribute inheritance for files, dirs and users (using groups)
(also likely for 1.0.7, but needs many internal changes)
- Move user and password management into kernel structures, providing
a combined login-setuid system call and an administration call
- Provide library patches and changes to checkpasswd (for qmail etc.)
to use it
- Care for object reuse problem
- Include more scan strings into the Malware Scan module
- (Maybe) Join RSBAC with Pretty Secure Linux
- (Some day) With or without PSL: Meet B1 security requirements.

--
Please remove second ao for E-Mail reply - no spam please!
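
The decision flow described under "What is RSBAC?" (system call extension, central decision component, decision modules, combined decision), as an added user-space sketch that is not part of the original message and is not RSBAC source code. All identifiers are hypothetical; the meanings given to the File Flags, the "most restrictive answer wins" combination rule, and treating "no module objects" as permission to proceed are assumptions.

```c
/* Added illustration: names, flag semantics and combination rule are assumptions. */
#include <stddef.h>
enum decision { DO_NOT_CARE, GRANTED, NOT_GRANTED }; /* ascending restrictiveness */
enum request  { REQ_READ, REQ_WRITE, REQ_EXECUTE, REQ_SEARCH };
enum ttype    { T_FILE, T_DIR };
enum { FF_EXECUTE_ONLY = 1, FF_READ_ONLY = 2, FF_SEARCH_ONLY = 4 };
typedef struct { int sec_officer; } subject_t;
typedef struct { enum ttype type; unsigned ff_flags; int security_info; } target_t;
typedef enum decision (*module_fn)(enum request, const subject_t *, const target_t *);

/* FF module: flag meanings inferred from the flag names. */
static enum decision ff_decide(enum request r, const subject_t *s, const target_t *t)
{
    (void)s; /* FF looks only at the target's flags */
    if (t->type == T_FILE && (t->ff_flags & FF_EXECUTE_ONLY) && r != REQ_EXECUTE)
        return NOT_GRANTED;
    if ((t->ff_flags & FF_READ_ONLY) && r == REQ_WRITE)
        return NOT_GRANTED;
    if (t->type == T_DIR && (t->ff_flags & FF_SEARCH_ONLY) && r != REQ_SEARCH)
        return NOT_GRANTED;
    return DO_NOT_CARE;
}

/* SIM module: only security officers may modify security information. */
static enum decision sim_decide(enum request r, const subject_t *s, const target_t *t)
{
    if (t->security_info && r == REQ_WRITE)
        return s->sec_officer ? GRANTED : NOT_GRANTED;
    return DO_NOT_CARE;
}

static const module_fn active_modules[] = { ff_decide, sim_decide };

/* Central decision component: most restrictive answer of all modules wins. */
enum decision decide(enum request r, const subject_t *s, const target_t *t)
{
    enum decision combined = DO_NOT_CARE;
    for (size_t i = 0; i < sizeof active_modules / sizeof *active_modules; i++) {
        enum decision d = active_modules[i](r, s, t);
        if (d > combined) combined = d;
    }
    return combined;
}

/* System call extension: 0 lets the call proceed, -1 denies it. */
int enforce(enum request r, const subject_t *s, const target_t *t)
{
    return decide(r, s, t) == NOT_GRANTED ? -1 : 0;
}
```

The case worth noting is a security officer writing to a read_only file labeled as security information: SIM grants, FF refuses, and the combined decision is a refusal.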
