Next: Specification Up: The Role Compatibility Security Previous: Introduction

Design Goals

The RC model design had to meet most access control requirements of modern Linux-based server systems. In detail, the following design goals were accomplished:
Role based model:
The abstraction of users to roles and objects to types leads to administration on a functional level and avoids the complexity of per-object control.
Single roles:
Each process must have only one current role at a time. Each user ID must have only one default role, which can be assigned to the process when the user ID is acquired.
Program roles:
Different programs run by the same user must be able to have different roles. Program roles must override user default roles.
Changing of roles:
A process must be able to actively change its current role, if allowed by administration.
Single types:
Each object must have only one type.
Granularity:
Every role and type combination must have an individual set of allowed accesses.
Separation of administration duty:
The model must support separation of duty for administration.
Full configurability:
No hard-wired settings should be enforced.
Functional default settings:
When unconfigured, the model must allow the system to work as expected.
No changes to existing applications:
All applications that are not aware of the model must work as expected, unless they have insufficient privileges.
Adaptive complexity:
Model administration should be only as complex as necessary to meet the actual requirements. Using default settings, the model must behave as a simple role model. All special behaviour must be optional.
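The goals above describe an evaluator whose decision depends only on the process's single current role and the object's single type. The following is an added toy implementation of that evaluation, not RSBAC code; the role and type names, the sample programs and paths, and the rule that a configured role with no entry for a type is denied are all assumptions made for the example.

```python
"""Toy evaluator for the RC design goals (constructed example, not RSBAC code)."""
from dataclasses import dataclass

GENERAL_ROLE, GENERAL_TYPE = "general_user", "general_type"

# Granularity: each (role, type) pair carries its own set of allowed requests.
# Functional default: the unconfigured role/type pair keeps the system usable.
POLICY = {
    (GENERAL_ROLE, GENERAL_TYPE): {"read", "write", "execute"},
    (GENERAL_ROLE, "web_content"): {"read"},
    ("web_server", "web_content"): {"read", "write"},
    ("web_server", GENERAL_TYPE): {"execute"},
}
USER_DEFAULT_ROLE = {1000: GENERAL_ROLE, 33: "web_server"}   # Single roles: one default per uid
PROGRAM_ROLE = {"/usr/sbin/httpd": "web_server"}             # Program roles override user defaults
ALLOWED_ROLE_CHANGE = {GENERAL_ROLE: {"web_server"}}          # Changing of roles, if administration allows
OBJECT_TYPE = {"/var/www/index.html": "web_content"}         # Single types: one type per object


@dataclass
class Process:
    uid: int
    program: str
    role: str = ""

    def __post_init__(self):
        # Program role wins; otherwise the user's default role is assigned on uid acquisition.
        self.role = PROGRAM_ROLE.get(self.program,
                                     USER_DEFAULT_ROLE.get(self.uid, GENERAL_ROLE))


def change_role(proc: Process, new_role: str) -> bool:
    """Active role change by the process, honoured only for administrator-allowed transitions."""
    if new_role in ALLOWED_ROLE_CHANGE.get(proc.role, set()):
        proc.role = new_role
        return True
    return False


def check_access(proc: Process, obj: str, request: str) -> bool:
    """Decide a request on the (current role, object type) pair; unconfigured pairs deny (assumption)."""
    obj_type = OBJECT_TYPE.get(obj, GENERAL_TYPE)
    return request in POLICY.get((proc.role, obj_type), set())


if __name__ == "__main__":
    shell = Process(uid=1000, program="/bin/bash")
    httpd = Process(uid=1000, program="/usr/sbin/httpd")
    print(shell.role, httpd.role)  # general_user web_server
    print(check_access(shell, "/var/www/index.html", "write"))  # False
    print(change_role(shell, "web_server"), check_access(shell, "/var/www/index.html", "write"))
```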

Amon Ott