EPFL Logo
fr|en
Login
Concept

RSBAC

Rule-set-based access control (RSBAC) is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a). Free open source GNU General Public License (GPL) Linux kernel security extension Independent of governments and big companies Several well-known and new security models, e.g. mandatory access control (MAC), access control list (ACL), and role compatibility (RC) On-access virus scanning with Dazuko interface Detailed control over individual user and program network accesses Fully access controlled kernel level user management Any combination of security models possible Easily extensible: write your own model for runtime registration Support for latest kernels Stable for production use Easily portable to other operating systems The RSBAC system architecture has been derived and extended from the Generalized Framework for Access Control (GFAC) by Marshall Abrams and Leonard La Padula. RSBAC means "ruleset based access control" and is also a role-based access control (RBAC) solution. The two acronyms can cause confusion. In his essay "Rule Set Modeling of a Trusted Computer System", Leonard LaPadula describes how the Generalized Framework for Access Control (GFAC) approach could be implemented in the UNIX System V operating system. He introduced the clear separation between Access Enforcement Facility (AEF), Access Decision Facility (ADF) with Access Control Rules (ACR), and Access Control Information (ACI). The AEF as part of the system call function calls the ADF, which uses ACI and the rules to return a decision and a set of new ACI attribute values. The decision is then enforced by the AEF, which also sets the new attribute values and, in case of allowed access, provides object access to the subject. This structure requires all security relevant system calls to be extended by AEF interception, and it needs a well-defined interface between AEF and ADF. For better modeling, a set of request types was used in which all system call functionalities were to be expressed.

Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Copyright © 2025 EPFL, all rights reserved

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.