next up previous
Next: Introduction

(PDF (163K) / zipped PS (119K))

Rule Set Based Access Control (RSBAC)

Amon Ott


September 17, 2001


The Rule Set Based Access Control (RSBAC) system is an open source extension to current Linux kernels, which has been continuously developed for several years.

It was designed according to the Generalized Framework for Access Control (GFAC) to overcome the deficiencies of access control in standard *nix systems, and to make a flexible combination of security models as well as proper access logging possible.

Access control is devided into enforcement, decision and data structures, and all access modes are grouped into abstract request types. This makes the framework and the existing model implementations easily portable to other operation systems.

Among the nine included access control models are well known ones, like MAC/Bell-LaPadula, as well as new models, which have been specially designed for *nix needs.

Installation requires a kernel patch, RSBAC configuration and a recompile. The complete set of administration tools contains a range of menues for most tasks.

Practical experience shows the system to be fast and stable for production use, what is one reason for its growing acceptance. There are already two Linux distributions with RSBAC included.

next up previous
Next: Introduction