todo
Releases
Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
Events
No events planned
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
|
todo [2009/09/30 22:45] 127.0.0.1 (old revision restored) |
todo [2009/10/07 11:42] 127.0.0.1 (old revision restored) |
||
|---|---|---|---|
| Line 5: | Line 5: | ||
| The RSBAC development team.// | The RSBAC development team.// | ||
| + | |||
| + | === Done in svn === | ||
| + | |||
| + | * CAP and RC learning modes with global activation | ||
| + | * Learn into transactions | ||
| === Planned for the next release 1.5 === | === Planned for the next release 1.5 === | ||
| Line 10: | Line 15: | ||
| * CAP learning mode for single programs. (possibly 1.4 feature) | * CAP learning mode for single programs. (possibly 1.4 feature) | ||
| * Persistent transactions, preserved between reboots. | * Persistent transactions, preserved between reboots. | ||
| - | * RC learning mode - per subject, with object types already set before learning. Learn only access rights. Use transactions for saving learning informations. Compare policy before and after learning. | + | * RC learning mode - per role, with object types already set before learning. Learn only access rights. Use transactions for saving learning informations. Compare policy before and after learning. |
| * Per-target log settings for USER, GROUP, SCD, using log_array_low and log_array_high like for FD, DEV, NETOBJ. | * Per-target log settings for USER, GROUP, SCD, using log_array_low and log_array_high like for FD, DEV, NETOBJ. | ||
| * Real model driven logging model - extend the decision return code to also signal whether this module requests logging. Still, we could use the object based logging rules for other targets than FD, DEV and NETOBJ. Note that these rules can also suppress logging - the decision extension could only request logging. (make possible to implement all audit policies in official and bussines use) | * Real model driven logging model - extend the decision return code to also signal whether this module requests logging. Still, we could use the object based logging rules for other targets than FD, DEV and NETOBJ. Note that these rules can also suppress logging - the decision extension could only request logging. (make possible to implement all audit policies in official and bussines use) | ||
| Line 17: | Line 22: | ||
| * Add more REG modules as examples yet ready for production use - most important seclvl. (michal) | * Add more REG modules as examples yet ready for production use - most important seclvl. (michal) | ||
| * Include patches for standard system tools like ps,top,ls. | * Include patches for standard system tools like ps,top,ls. | ||
| + | * (maybe - michal) Implement RSBAC in Xen hypervisor for inter-domain access control. There is actualy less to be done than for linux - not so many requests and interceptions. That would allow RSBAC to control how Xen domains can communicate with each other, possibly securing virtual machines against unknown vulnerabilities in Xen (that would normaly allow guests to break out from Xen and reach physical machine). | ||
| === After 1.5 === | === After 1.5 === | ||
todo.txt · Last modified: 2011/08/11 12:21 by 127.0.0.1