Basic Definitions

Within the RC model specification, the active entities (subjects) are processes working on behalf of users and executing one program file with a set of dynamic libraries at a time.

Objects are grouped into the RSBAC framework target types, but different groupings of objects would not change the model significantly.

Access rights are the standard framework request types plus some model specific rights. Like modified object groupings, a different set of standard access rights would not affect the model itself.

The following terms will be used:

• owner(p:process):user := owner of process p
• parent(p:process):process := parent process of process p
• program(p:process):file := program file currently executed by process p
• parent(f:filesystem object):filesystem object := parent object of filesystem object f
• attributename$_{tn}$(o:object):valuetype := value of attribute attributename of object o at time n

Processes as subjects can perform some model relevant actions:

• changeowner$_{tn}$(p:process, u:user) := change owner of process p to u at time n
• clone$_{tn}$(p$_1$:process, p$_2$:process) := creation of process p$_2$ by parent process p$_1$ at time n
• execute$_{tn}$(p:process, f:file) := start execution of program file f in process p at time n
• createfs$_{tn}$(p:process, f:filesystem object) := creation of filesystem object f by process p at time n
• createipc$_{tn}$(p:process, i:IPC object) := creation of IPC object i by process p at time n

Three types of rules will be specified:

1. Invariants define rules, which must always be met. Here the effective values of inheritable filesystem object attributes are determined.
2. Transitions define the next state of an attribute after a certain action.
3. Constraints define the conditions to be met when an action is performed.