next up previous
Next: Comparison with RBAC and Up: Implementation Previous: Program Based Access Control

Access Control Decision and Notification

RSBAC request decisions and respective automatic attribute updates are performed in the decision function rsbac_adf_request_rc and the notification function rsbac_adf_set_attr_rc, which are called from the ADF dispatcher functions.7

Administration and role changing decisions are made in the respective individual functions, which have been implemented as additional system calls.

For most requests, the decision function only takes the process current role, the object type and the request and matches them against the type compatibility settings.

The notification function performs all implicit role and type changes for existing or newly created processes and objects as specified above.

The time values tn and tn+1 used in the specification are interpreted as at the time of the decision request call and directly after the notification call. Since all attribute changes from the specification rules are either for the requesting process only, or for a newly created object, which cannot be accessed by any process before notification has completed, race conditions can only occur with active administration.

Amon Ott