|
|
Log in / Subscribe / Register

Rule set based access control

[Posted September 27, 2005 by corbet]

SELinux has become, to many, the mechanism for high-security Linux deployments. The SELinux framework is considered sufficiently powerful, flexible, and universal that some developers have contemplated removing the Linux security module (LSM) interface altogether. When SELinux does everything, why have hooks for anything else? The fact of the matter, however, is that SELinux is not the only high-security approach out there. On September 27, version 1.2.5 of the Rule Set Based Access Control (RSBAC) patch was released. RSBAC has been around for several years, but it has never quite achieved the prominence of SELinux.

Like SELinux, RSBAC inserts hooks throughout the kernel source. RSBAC does not use the LSM framework, however. This page explains why; in short, the RSBAC developer (Amon Ott) does not like how LSM exposes kernel internals to security modules, and the LSM hooks are not nearly extensive enough for RSBAC. In fact, RSBAC adds hooks in many places (individual device drivers, for example) where LSM does not tread. RSBAC hooks can also change system state in ways not allowed with the LSM framework.

With the hooks in place, RSBAC allows for several different access control regimes, all of which can be mixed and matched as desired. Available options include:

  • Authenticated user: essentially a list of user IDs which may be assumed by each process on the system. This module is required by most other RSBAC security schemes.

  • User management: a replacement for the PAM and shadow mechanisms which moves most of the user and group management tasks into the kernel.

  • Role compatibility: assigns roles to users and programs, and ensures that they match at run time.

  • Access control lists: a variant of file ACLs which can take additional RSBAC features (such as roles) into account.

  • Mandatory access control: assigns security levels to processes and objects, and prevents access between different levels.

  • Dazuko: a specialized interface for virus scanning applications. Dazuko creates a special purpose device which can be used to intercept file accesses; malware scans can then be performed before the access is allowed to succeed. There is a ClamAV interface to Dazuko.

There are several other models available, see the RSBAC models page for the full list. One thing that should be clear is that the RSBAC framework has been used to implement a wide variety of access control mechanisms. The project's long history suggests a stable user base, and RSBAC has been adopted by some distributions (including the Adamantix (formerly "Trusted Debian") and Hardened Gentoo projects). The non-LSM approach seems likely to keep RSBAC out of the mainline kernel indefinitely (nobody is even proposing merging it), but RSBAC appears to be a viable option regardless.

Index entries for this article
KernelRSBAC
KernelSecurity/Security technologies

The LWN site is currently under high scraper load, so comment display has been suppressed for anonymous users. If you are a human, you may read the comments by clicking the button below:

Note: you can avoid this step in the future by logging into your LWN account.


Copyright © 2005, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds