Diffstat (limited to 'xml/rsbac/intro.xml')
-rw-r--r-- xml/rsbac/intro.xml 77
1 files changed, 77 insertions, 0 deletions
diff --git a/xml/rsbac/intro.xml b/xml/rsbac/intro.xml
new file mode 100644
index 0000000..71e8463
--- /dev/null
+++ b/xml/rsbac/intro.xml
@@ -0,0 +1,77 @@
+<?xml version='1.0' encoding="UTF-8"?> <!DOCTYPE guide SYSTEM
+"/dtd/guide.dtd">
+
+<guide link="intro.xml">
+
+<title>Rule Set Based Access Control (RSBAC) for Linux -
+Introduction</title>
+
+<author title="Author">
+ <mail link="ao@rsbac.org">Amon Ott</mail>
+</author> <author title="Editor">
+ <mail link="albeiro@gentoo.pl">Michal Purzynski</mail>
+</author> <author title="Editor">
+ <mail link="kang@gentoo.org">Guillaume Destuynder</mail>
+</author> <abstract> This document should introduce you to the RSBAC
+access control system. </abstract>
+
+<!-- The content of this document is licensed under the CC-BY-SA license
+--> <!-- See http://creativecommons.org/licenses/by-sa/1.0 --> <license/>
+
+<version>1.0</version> <date>2 June 2004</date>
+
+<chapter> <title>Introduction</title> <section> <title>Traditional access
+control systems and RSBAC</title> <body>
+
+<p> Traditional access control systems used to be melted into the system
+kernel. The actual security policy was deeply connected to the whole
+design of the system and hard-coded into the security part, making
+modifications to meet changed requirements a difficult task. </p>
+
+<p> In this work I used a new proposal by L. J. La Padula, based on the
+"Generalized Framework for Access Control", which was developed by
+a working group led by Marshall Abrams at MITRE. By division of the
+functional components they made it possible to simply configure many
+different security policies based on well-known and easily extensible
+models. </p>
+
+</body> </section> <section> <title>Implementation</title> <body>
+
+<p> For the implementation I choosed the Unix Linux variant of Unix,
+thanks to it's freely available source code. It is also very stable and
+near to both La Padula's example system and also common Unix standards,
+making the results easy to transfer to other systems. The package was
+named "Rule Set Based Access Control" (RSBAC). </p>
+
+<p> Using a Unix like system produced the major goal of extending a
+weak, discretionary access control by a new, stronger, more flexible
+and mandatory control. Instead of encoding it should make the adaption
+of security policies possible by administration of several security
+modules. Easy addition of other security modules was to be included
+as well. </p>
+
+<p> In this thesis La Padula's proposal is checked, extended, completed
+for a real system and at last implemented in it. </p>
+
+<p> As a special example for the ability of integration Dr. Simone
+Fischer-Huebner's complex Privacy Model was chosen, implementing it for
+the first time in a real system. Its adaption to my concept was done
+together with Simone Fischer-Huebner. </p>
+
+<p> Placing a focus on Privacy, the extensive logging is done using
+pseudonyms that can be changed and read only by security managers or
+data protection managers. </p>
+
+<p> In the end the gain in security and safety is checked against the
+ITSEC funtional criteria, extended by two privacy goals. </p>
+
+</body> </section> </chapter>
+
+<chapter> <title>References</title> <section> <body>
+
+<p> <uri>http://www.cs.kau.se/~simone/</uri>
+</p>
+
+</body> </section> </chapter>
+
+</guide>
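
Review bot: The Implementation section has several wording errors that should be fixed before this lands as user-facing documentation: "I choosed the Unix Linux variant of Unix" should read "I chose the Linux variant of Unix", "thanks to it's freely available source code" should use "its", and "ITSEC funtional criteria" should be "functional". The body also reads as a thesis abstract ("In this work I used", "In this thesis"), which does not match the guide's own abstract ("This document should introduce you to the RSBAC access control system"); consider rewording it for a reader of the guide. In the References chapter the <section> has no <title>, unlike the two sections in the Introduction chapter, and the bare <uri> gives no indication of what it references or which paragraph it supports.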