Next: Roles and Types
Up: Specification
Previous: Specification
Within the RC model specification, the active entities (subjects) are
processes working on behalf of users and executing one program file with a
set of dynamic libraries at a time.
Objects are grouped into the RSBAC framework target types, but
different groupings of objects would not change the model significantly.
Access rights are the standard framework request types plus some model
specific rights. Like modified object groupings, a different set of standard
access rights would not affect the model itself.
The following terms will be used:
- owner(p:process):user := owner of process p
- parent(p:process):process := parent process of process p
- program(p:process):file := program file currently executed by process p
- parent(f:filesystem object):filesystem object := parent object of filesystem object f
- attributename(o:object):valuetype := value of attribute attributename
of object o at time n
Processes as subjects can perform some model relevant actions:
- changeowner(p:process, u:user) := change owner of process p to u
at time n
- clone(p:process, p:process) := creation of process p by
parent process p at time n
- execute(p:process, f:file) := start execution of program file f
in process p at time n
- createfs(p:process, f:filesystem object) := creation of filesystem object f
by process p at time n
- createipc(p:process, i:IPC object) := creation of IPC
object i by process p at time n
Three types of rules will be specified:
- Invariants define rules, which must always be met. Here the effective
values of inheritable filesystem object attributes are determined.
- Transitions define the next state of an attribute after a certain
action.
- Constraints define the conditions to be met when an action is performed.
Next: Roles and Types
Up: Specification
Previous: Specification
Amon Ott