
Key Features

RSBAC has a flexible structure because it separates enforcement (Access Control Enforcement Facility, AEF), decision (Access Control Decision Facility, ADF) and data (Access Control Data, ACI). Because of its request abstraction, only the AEF and parts of the ACI are operating system dependent. The ADF, which contains all model implementations, should mostly need only a recompile to work on other *nix-style operating systems.

The framework supports almost any type of access control model. Combining models in the ADF requires a metapolicy, which decides restrictively whenever the models' decisions contradict each other.
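A sketch of such a restrictive metapolicy, added here as an illustration and not taken from the RSBAC sources. The decision values, the three toy models, `adf_decide` and `check` are hypothetical names, and allowing a request on which every model abstains is an assumption of this sketch.

```c
#include <stddef.h>

/* Hypothetical decision values for this sketch (not RSBAC's definitions). */
enum decision { NOT_GRANTED, UNDEFINED, GRANTED, DO_NOT_CARE };

/* Constructed request: who asks, who owns the object, what kind of access. */
struct request { int uid; int owner; int admin_op; int role; };

typedef enum decision (*model_fn)(const struct request *);

/* Toy model 1: only the owner may access the object. */
static enum decision model_owner(const struct request *r)
{ return r->uid == r->owner ? GRANTED : NOT_GRANTED; }

/* Toy model 2: administrative requests need role 1; abstains otherwise. */
static enum decision model_role(const struct request *r)
{
    if (!r->admin_op) return DO_NOT_CARE;
    return r->role == 1 ? GRANTED : NOT_GRANTED;
}

/* Toy model 3: cannot decide when the role attribute is missing (< 0). */
static enum decision model_attr(const struct request *r)
{ return r->role < 0 ? UNDEFINED : DO_NOT_CARE; }

/* Metapolicy: the enum is ordered most restrictive first, so the merge
 * of two decisions is simply the smaller value. */
static enum decision merge(enum decision a, enum decision b)
{ return a < b ? a : b; }

/* Ask every model; returns 1 to allow, 0 to deny. */
int adf_decide(const model_fn *models, size_t n, const struct request *r)
{
    enum decision result = DO_NOT_CARE;
    for (size_t i = 0; i < n; i++)
        result = merge(result, models[i](r));
    /* Fail closed on a veto or on a model that could not decide. */
    return result == GRANTED || result == DO_NOT_CARE;
}

/* Convenience wrapper running all three toy models on one request. */
int check(int uid, int owner, int admin_op, int role)
{
    static const model_fn models[] = { model_owner, model_role, model_attr };
    struct request r = { uid, owner, admin_op, role };
    return adf_decide(models, 3, &r);
}
```

A single veto or undecidable result from any model denies the request, whatever the other models return.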

Through the Runtime Module Registration facility (REG), decision modules, system calls and persistent generic lists can be added or removed at runtime, e.g. from a Loadable Kernel Module (LKM). Kernel modules are, of course, dangerous in themselves, and a proper access control setup should protect against the loading of uncontrolled kernel modules.

A powerful logging system is another very important part. Whether a decision is logged depends on the request type and the decision, the user ID, the running program and the object to be accessed. Logging can be done with pseudonyms, which provides some user privacy.


2001-12-03