=>  RSBAC Handbook

RSBAC Handbook

Preface

Introduction

Arch. and Imple.

Security Modules

Installation

Config. Basics

Adv.Configuration

Maintenance

Troubleshooting

Appendixes

=>  Releases

Stable: 1.3.7
for kernels:

  • 2.4.36
  • 2.6.23.14

Devel 1.4: 1.4.0-rc3
for kernels:

  • 2.4.36.9
  • 2.6.27.5

Full RSBAC kernels
Lazy of patching ? Get the already rsbac-patched kernel. Choose your flavor.

Classic kernels
Includes vanilla kernel with the RSBAC patch

  • 2.6.23.14
  • 2.4.35.3

Enhanced kernels
Kernels including latest security fixes, goodies, and of course PaX+RSBAC

  • 2.6.23.15 (20080217)
  • 2.4.36 (20080217)

Debian repository
Also works for Ubuntu and other Debian-based distributions, of course

SVN
Cutting edge RSBAC source code, can be unstable sometimes

=>  Events

No events planned

v1.2.3

Theses are benchmarks made with :

  • RSBAC version 1.2.3.
  • Linux Kernel Gentoo Hardened RSBAC 2.6.7-r10
  • GCC 3.3.4
  • PaX is enabled everywhere as in Gentoo Quickstart
  • Gentoo 2004.3 in Single User Mode
  • A Pentium-M 733 ULW (Dohan) @ 1.1Ghz, speedstep Off



All tests were run 3 times and the average calculated in second. We are compiling a vanilla 2.6.9 kernel from kernel.org



Four kernels have been tested:

  • Vanilla Hardened, means rsbac-dev-sources, features Gentoo 2.6.7 patchset and Hardened patchset and RSBAC off. (No framework)
  • RC + Auth
  • All RSBAC Options On
  • Default Gentoo RSBAC kernel as specified in the Gentoo Quickstart



Real represents the real time spent, in seconds User represents the total of CPU-seconds in user mode Sys represents the total of CPU-seconds in kernel mode Lower is better.

real user sys
Vanilla 656 619 26
RC+Auth 661 619 34
Gentoo 664 620 44
All On 679 623 58

All theses values are percentages of performance decrease, based on Vanilla = 100 percent. Lower is better.

real_p user_p sys_p
Vanilla 100 100 100
RC+Auth 100,7 100 130,7
Gentoo 101,2 100,1 169,23
All On 103,5 100,6 223,07


rsbac_123_bench.jpg

As you can see, only the kernel mode time increase significantly in RSBAC 1.2.3, but there are only very few actions done in this mode so it doesn’t really affect the real time very much.

To sum it up, we have a 1.2% difference of real time taken with a production kernel setup (Gentoo config), only 0.7% on a RC+Auth only enabled kernel, and a bigger 3.5% with every single option on.

 

documentation/benchmarks/rsbac_1.2.3.txt · Last modified: 2007/02/19 16:12 by kang
This website is kindly hosted by m-privacy