=>  Releases

Stable: 1.5.0

  • 4.4.y

Patched kernels
Includes vanilla kernel with the RSBAC patch

  • 4.4.20
  • 4.4.21

Latest diffs
Produced after each commit or rebase to new upstream version

Enhanced kernels
Combined patches with RSBAC and PaX, less well tested

External RSBAC+PaX
Maintained by m-privacy

GIT
RSBAC source code, can be unstable sometimes

=>  Events

No events planned

Design Goals

Access Control Framework

First goal is to define a basis, for all access control models to come. Design and implement a framework that provides a good infrastructure for the implementation of access control models.

Minimize Model Implementation

Include enough generic services in the framework to minimize the individual model implementation. This reduces the amount of code, which has to be checked for a correct model implementation, and thus, prevent possible errors.

Functional Separation

Clean separation between access control enforcement and decision components to prevent changes at several places in the case of a change in the implemented models. This also further reduces the size and complexity of the model implementation.

Model Combination

Support the flexible combination of an arbitrary number of concurrent access control models, leaving the choice for administrators of the model (or models) they need to use for each part of the system.

Modular Design

Make all components as modular as possible to provide a controlled flow of information, easier testing and better portability to other Unix family systems.

Accountability

Provide a protected logging of all security relevant actions as a general service, allowing every user and administrator to be held responsible for their actions and to build up non-disputable evidence in the case of a security compromise.

Extensive Control

Control all possible security relevant subjects and objects to avoid any bypassing of the access control system.

Network Control

Include sufficient mechanisms to effectively control the flow of information to and from remote systems over networks, from withing the access control framework.

Production Use

Keep the resulting system usable, stable, fast and flexible enough for production use in order to get extensive testing and feedback for the design and the implementation.



Table of Contents: RSBAC Handbook
Previous: Design Goals
Next: Areas of Use

 

documentation/rsbac_handbook/introduction/design_goals.txt · Last modified: 2006/06/13 15:39 by kang
This website is kindly hosted by m-privacy