Next: Design Goals Up: The Role Compatibility Security Previous: The Role Compatibility Security

Introduction

As a response to the increasing rate of server vulnerabilities and attacks against them, network server systems require a conceptual solution for better security. Kernel-level access control with a specialized security model provides such a solution.

Since no existing model suited our requirements, the Role Compatibility (RC) model has been designed and implemented in the RSBAC framework since December 1998. It supports both a general protection of the base system and an encapsulation of all network service programs to strictly confine security compromises. The abstraction of a role-based model seemed appropriate for this task.

The RSBAC framework provides a generic infrastructure for security model implementations, including persistent list management. It groups access objects into so-called target types, e.g. FILE, DIR or IPC. Network access is controlled through Network Templates, which provide persistent default attribute values for dynamic network objects [RSBAC].

The RC model has been in stable production use since January 2000, and a lot of experience with the RSBAC framework and the RC model has been gained. The latest application benchmarks show an RC model overhead of 1.25% against an empty framework, including the Authentication Enforcement (AUTH) module, which is outside the scope of this paper.

As an example, the typical configuration given in section 6 effectively confines the Apache web server and thus prevents infection by recent Linux malware such as the OpenSSL Slapper worm family. The RC model has also been used to secure several Linux firewall configurations, which has been a common DTE model application for some time.


Amon Ott