Performance

Table 1: Standard 2.4.6 kernel source compile benchmarks with different RSBAC options. Times are given in seconds.

RSBAC options	Total time	Kernel+User	Kernel	User/Process
none / clean kernel	711.75	711.74	34.83	676.91
Maint kernel (no mods, no debug)	719.09 (+1.03%)	719.09 (+1.03%)	41.02 (+17.77%)	678.07 (+0.17%)
Maint kernel (no modules)	719.20 (+1.05%)	719.19 (+1.05%)	39.04 (+12.09%)	680.15 (+0.48%)
RC + AUTH, no other options	719.36 (+1.07%)	719.35 (+1.07%)	45.41 (+30.38%)	673.94 (-0.44%)
AUTH + ACL, no other options	721.18 (+1.32%)	721.19 (+1.33%)	44.56 (+27.94%)	676.63 (-0.04%)
REG+FF+RC+AUTH+ACL, Net support, ind. Log (def. config)	729.33 (+2.47%)	729.33 (+2.47%)	52.76 (+51.48%)	676.57 (-0.05%)
All models + options, except MS	763.35 (+7.25%)	763.07 (+7.21%)	81.63 (+134.37%)	681.44 (+0.67%)
All models and options	854.69 (+20.08%)	854.21 (+20.02%)	169.65 (+387.08%)	684.56 (+1.13%)

The main performance influences are the number and dynamic change of attribute objects, the number and types of decision modules and, of course, the amount of logging.

Kernel compile time benchmarks on standard 2.4.6 kernel sources in default settings have been run for RSBAC version 1.1.2-pre8 with kernel 2.4.6. The test system had one Celeron CPU with 333 MHz, 256MB RAM and different RSBAC configurations. Each single test consisted of three 'make bzImage' runs, measured by the 'time' utility, in single user mode. To eliminate caching issues, one extra test compile was done before the timed compilations. Before each run, a 'make clean' was called.

Table 1 on page shows the average times in seconds that were produced. The significant kernel time increase with all options is mostly due to the MS module with read check enabled, which marks all files ever read as scanned and thus produces a huge amount of attribute objects in large lists. Lookups in large lists are slow.