Paper for the Nordic Workshop on Secure IT Systems (NordSec)
2002
Amon Ott
Compuniverse
Email: ao@rsbac.org, WWW: http://www.rsbac.org
November 11, 2002
This paper presents the ``Role Compatibility'' access control model. It has been specially designed to address recent vulnerabilities in network servers by confining compromised services and protecting the base of the system. Furthermore, while being powerful and flexible when needed, it remains fast and easy to use for simple setups.
The model design goals, its specification and implementation outline are presented, followed by a brief comparison to the RBAC and the DTE model. Finally, a Webserver example shows how the model can be used to protect real server systems.
Keywords: Security Model, Access Control, Internet
Server, Linux