====== Security Use Cases ======

- draft - draft - draft - draft -

Security goals on a GNU/Linux system, and how they could be enforced with RSBAC modules.
This papers wants to be exhaustive (e.g : nearly all possible cases), but is far from it at the moment. Feel free to comment / add notes / fill parts / underline abiguous parts...

==== What do you protect on a GNU/Linux system ? ====

  * data
  * resources
  * services
  * execution
  * communication


^Type  ^Description ^
| FILE 	| data |
| DIR 	| data |
| FIFO 	| communication |
| DEV 	| data |
| IPC 	| communication |
| SCD 	| data |
| USER 	| data |
| PROCESS | data |
| NETDEV  | communication |
| NETTEMP | communication |
| NETOBJ  | communication |
| NETTEMP_NT | communication |
| NONE    | data? |
| FD | data |

==== What kind of data ? ====

  * security data  (/etc/security /etc/passwd /etc/shadow /etc/group /rsbac.dat ...)
  * private data (user) ($HOME, /var/mail/$USER)
  * system data (non-security) ( /  without security data and private data)
  * ?

(system+private = mail ?)\\
(security+private = ssh_keys ?)

==== What kind of resources ? ====

  * CPU time
  * RAM
  * HD (home, tmp, mail, swap?)
  * Bandwidth
  * Number of connections

You can protect a resource using the RES module, then protect the RES module's data with other protection schemes.

==== What kind of services ? ====

  * System-side services
    * Console services (*tty)
    * ? Devices services (hotplug...?)
    * X services (display manager, X server, more ? (kde / gnome)-wise: e.g gconfd)
    * ?
  * Security services
    * Login services (login, ssh, ...)
    * Logging services (syslog, klog, audit, ...?)
    * ?
  * Networking services
    * serving data
    * serving resources
    * serving another services ? (example ?)
    * ?

==== What kind of execution ? ====

  * System execution
     * once (indirect)
     * cron / at
     * services
  * User execution
     * once (direct, indirect)
     * cron / at

==== What kind of communication ? ====

  * ?