
Implementation

The Role Compatibility model has been implemented as a decision module for the RSBAC framework[RSBAC] and makes extensive use of its infrastructure.

The Rule Set Based Access Control (RSBAC) system is an open source security extension to current Linux kernels, which has been continuously developed by the author for several years.

RSBAC was designed according to the Generalized Framework for Access Control (GFAC)[Abrams+90] to overcome the deficiencies of access control in standard Linux systems, and to make a flexible combination of security models as well as proper access logging possible.

From November 1999 until November 2001, only minor changes were made to RC, along with adaptations to changes in the framework, such as initial roles or the extension for new target types. From November 2001, the RC model implementation has been moved to generic RSBAC lists, and the original limit of 64 roles and 64 RC types per target type has been removed. The new network target types and time limits have also been included.



Amon Ott