Next: Specification
Up: The Role Compatibility Security
Previous: Introduction
The RC model design had to meet most access control requirements of modern Linux-based server systems. In detail, the following design goals were accomplished:
- Role based model: The abstraction of users to roles and of objects to types leads to administration on a functional level and avoids the complexity of per-object control.
- Single roles: Each process must have only one current role at a time. Each user ID must have only one default role, which can be assigned to the process when the user ID is acquired.
- Program roles: Different programs run by the same user must be able to have different roles. Program roles must override user default roles.
- Changing of roles: A process must be able to actively change its current role, if allowed by administration.
- Single types: Each object must have only one type.
- Granularity: Every role and type combination must have an individual set of allowed accesses.
- Separation of administration duty: The model must support separation of duty for administration.
- Full configurability: No hard-wired settings should be enforced.
- Functional default settings: When unconfigured, the model must allow the system to work as expected.
- No changes to existing applications: All applications that are not aware of the model must work as expected, unless they have insufficient privileges.
- Adaptive complexity: Model administration should be only as complex as necessary to meet the actual requirements. Using default settings, the model must behave as a simple role model. All special behaviour must be optional.
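The following toy model walks through these goals in code. It is an added illustration written for this page, not RSBAC's kernel implementation: roles and types are plain integers, the role/type matrix is a dictionary, and the request names, paths, user IDs and role numbers are constructed for the example. It shows the decision points the goals above imply: the role assigned at process creation (program role overrides user default role, which overrides the general role), the per-(role, type) access set, a role change that only succeeds where administration marked the target role as compatible, and the functional default that an unconfigured policy allows everything on the general type.

```python
"""Toy model of Role Compatibility (RC) access decisions.

Added illustration for this page, not RSBAC's own kernel code. Roles and
types are small integers; the access matrix maps (role, type) to the set of
allowed request kinds; all names and sample data below are constructed.
"""

# Request kinds for the example (constructed names, not RSBAC's request list).
READ, WRITE, EXECUTE = "READ", "WRITE", "EXECUTE"
ALL_REQUESTS = frozenset({READ, WRITE, EXECUTE})

GENERAL_ROLE = 0   # default role for users that have none configured
GENERAL_TYPE = 0   # default type for objects that have none configured


class RCPolicy:
    """Administrative state of the RC model: one matrix plus default mappings."""

    def __init__(self):
        # (role, type) -> set of allowed requests. Every combination has its
        # own entry (granularity goal); a missing entry means "nothing allowed".
        self.matrix = {}
        self.user_default_role = {}    # uid -> role (exactly one per uid)
        self.program_forced_role = {}  # program path -> role (overrides uid)
        self.object_type = {}          # object path -> type (exactly one)
        self.role_compat = {}          # role -> set of roles it may switch to
        # Functional default: with nothing configured, the general role may
        # do everything on the general type, so an unconfigured system works.
        self.allow(GENERAL_ROLE, GENERAL_TYPE, ALL_REQUESTS)

    def allow(self, role, typ, requests):
        self.matrix.setdefault((role, typ), set()).update(requests)

    def type_of(self, obj):
        return self.object_type.get(obj, GENERAL_TYPE)

    def access_allowed(self, role, obj, request):
        """Decision: is `request` on `obj` allowed for a process in `role`?"""
        return request in self.matrix.get((role, self.type_of(obj)), set())


class Process:
    """A subject. It holds exactly one current role at a time (single roles)."""

    def __init__(self, policy, uid, program):
        self.policy = policy
        # Program role overrides the user's default role, which in turn
        # overrides the general role; this is the role set at creation.
        if program in policy.program_forced_role:
            self.role = policy.program_forced_role[program]
        else:
            self.role = policy.user_default_role.get(uid, GENERAL_ROLE)

    def can(self, obj, request):
        return self.policy.access_allowed(self.role, obj, request)

    def change_role(self, new_role):
        """Active role change, only if administration marked the roles compatible."""
        if new_role in self.policy.role_compat.get(self.role, set()):
            self.role = new_role
            return True
        return False


def demo():
    """Walk through the design goals with constructed roles, types and paths."""
    # 1. Unconfigured policy: everything behaves as on a plain Linux box.
    p = RCPolicy()
    shell = Process(p, uid=1000, program="/bin/sh")
    assert shell.can("/etc/shadow", READ)   # general role, general type

    # 2. The administrator introduces a type for a sensitive object and roles
    #    that may touch it. Ordinary users keep the general role and lose
    #    access, because (GENERAL_ROLE, SECRET_TYPE) has no matrix entry.
    SECRET_TYPE, SECURITY_ROLE, BACKUP_ROLE = 1, 2, 3
    p.object_type["/etc/shadow"] = SECRET_TYPE
    p.allow(SECURITY_ROLE, SECRET_TYPE, {READ, WRITE})
    p.allow(BACKUP_ROLE, SECRET_TYPE, {READ})
    p.allow(BACKUP_ROLE, GENERAL_TYPE, {READ})

    shell = Process(p, uid=1000, program="/bin/sh")
    assert not shell.can("/etc/shadow", READ)

    # 3. Program role: the same uid running /usr/bin/passwd gets SECURITY_ROLE.
    p.program_forced_role["/usr/bin/passwd"] = SECURITY_ROLE
    passwd = Process(p, uid=1000, program="/usr/bin/passwd")
    assert passwd.role == SECURITY_ROLE and passwd.can("/etc/shadow", WRITE)

    # 4. Changing roles: only where the administrator allowed the transition.
    assert not shell.change_role(SECURITY_ROLE) and shell.role == GENERAL_ROLE
    p.role_compat[GENERAL_ROLE] = {BACKUP_ROLE}
    assert shell.change_role(BACKUP_ROLE) and shell.can("/etc/shadow", READ)
    assert not shell.can("/etc/shadow", WRITE)
    return shell.role


if __name__ == "__main__":
    print("demo finished, shell now in role", demo())
```

Note how "no changes to existing applications" falls out of the structure: the shell in step 2 is unmodified and simply gets a denial on the newly typed object, exactly the "insufficient privileges" case, while every other object still carries the general type and stays accessible. Separation of administration duty is not modelled here; in this toy the policy object is mutated directly.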
Amon Ott