Current version
Git/Latestdiff: 1.5.6
Latest Snapshots
Produced after each commit or rebase to new upstream version
GIT
RSBAC source code, can be unstable sometimes
No events planned
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
why [2006/05/18 10:37] ao Change feature list link |
why [2006/12/27 10:18] 127.0.0.1 (old revision restored) |
||
---|---|---|---|
Line 53: | Line 53: | ||
//To get a list and explanation of every model included in RSBAC, see the [[documentation:rsbac_handbook:security_models|Security Models]] section of the handbook.// | //To get a list and explanation of every model included in RSBAC, see the [[documentation:rsbac_handbook:security_models|Security Models]] section of the handbook.// | ||
- | RSBAC framework logic is based on the work done for the Generalized Framework for Access Control ([[http://www.acsa-admin.org/secshelf/book001/09.pdf|GFAC]]) by Abrams and LaPadula. | + | {{rsbac-flow.png}}RSBAC framework logic is based on the work done for the Generalized Framework for Access Control ([[http://www.acsa-admin.org/secshelf/book001/09.pdf|GFAC]]) by Abrams and LaPadula. |
All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules (the different modules implementing different security models) and generates a combined final decision. This decision is then enforced by the system call extensions. | All security relevant system calls are extended by security enforcement code. This code calls the central decision component, which in turn calls all active decision modules (the different modules implementing different security models) and generates a combined final decision. This decision is then enforced by the system call extensions. | ||
Line 69: | Line 69: | ||
//A general goal of RSBAC design has been to some day reach (obsolete) Orange Book ([[http://csrc.nist.gov/publications/history/dod85.pdf|TCSEC]]) B1 level. Now it is mostly targeting to be useful as secure and multi-purposed networked system, with special interest in firewalls.// | //A general goal of RSBAC design has been to some day reach (obsolete) Orange Book ([[http://csrc.nist.gov/publications/history/dod85.pdf|TCSEC]]) B1 level. Now it is mostly targeting to be useful as secure and multi-purposed networked system, with special interest in firewalls.// | ||
+ | |||
+ | //Note: this page is also part of the [[:documentation:rsbac_handbook|RSBAC Handbook]]// |