Project:RSBAC/Introduction

This document introduces the reader to the RSBAC access control system.

Traditional access control systems and RSBAC
Traditional access control systems used to be built directly into the system kernel. The actual security policy was tightly coupled to the overall design of the system and hard-coded into its security part, which made modifications to meet changed requirements a difficult task.

In this work I used a new proposal by L. J. La Padula, based on the "Generalized Framework for Access Control", which was developed by a working group led by Marshall Abrams at MITRE. By separating the functional components, they made it possible to configure many different security policies simply, based on well-known and easily extensible models.

Implementation
For the implementation I chose Linux, a variant of Unix, thanks to its freely available source code. It is also very stable and close both to La Padula's example system and to common Unix standards, making the results easy to transfer to other systems. The package was named "Rule Set Based Access Control" (RSBAC).

Using a Unix-like system led to the major goal of extending a weak, discretionary access control with a new, stronger, more flexible, mandatory control. Instead of hard-coding security policies, it should make their adaptation possible through the administration of several security modules. Easy addition of other security modules was to be included as well.

In this thesis La Padula's proposal is checked, extended, completed for a real system and finally implemented in it.

As a special example of this ability to integrate other models, Dr. Simone Fischer-Huebner's complex Privacy Model was chosen and implemented for the first time in a real system. Its adaptation to my concept was done together with Simone Fischer-Huebner.

With a focus on privacy, the extensive logging is done using pseudonyms that only security managers or data protection managers can change and read.

In the end the gain in security and safety is checked against the ITSEC functional criteria, extended by two privacy goals.