Rule-set-based access control (RSBAC) is an open source access control framework for current Linux kernels, which has been in stable production use since January 2000 (version 1.0.9a).
The RSBAC system architecture has been derived and extended from the Generalized Framework for Access Control (GFAC) by Marshall Abrams and Leonard La Padula. RSBAC means "ruleset based access control" and is also a role-based access control (RBAC) solution. The two acronyms can cause confusion. In his essay "Rule Set Modeling of a Trusted Computer System", Leonard LaPadula describes how
A 3D model of a human, for example: the chest is a parent of the upper left arm, which is a parent of the lower left arm, which is a parent of the hand. This pattern is used in modeling and animation for almost everything built as a 3D digital model. Many grammatical theories, such as phrase-structure grammar, involve hierarchy. Direct–inverse languages such as Cree and Mapudungun distinguish subject and object on verbs not by different subject and object markers, but via
A branching hierarchy, one or more objects has a degree of 2 or more (and therefore the minimum degree is 2 or higher). For many people, the word "hierarchy" automatically evokes an image of a branching hierarchy. Branching hierarchies are present within numerous systems, including organizations and classification schemes. The broad category of branching hierarchies can be further subdivided based on
A family tree) and inheritance (succession and heirship). All the requisites of a well-rounded life and lifestyle can be organized using Maslow's hierarchy of human needs. Learning steps often follow a hierarchical scheme—to master differential equations one must first learn calculus; to learn calculus one must first learn elementary algebra; and so on. Nature offers hierarchical structures, as numerous schemes such as Linnaean taxonomy,
A reverse hierarchy, the conceptual pyramid of authority is turned upside-down, so that the apex is at the bottom and the base is at the top. This mode represents the idea that members of the higher rankings are responsible for the members of the lower rankings. Empirically, when we observe in nature a large proportion of the (complex) biological systems, they exhibit hierarchic structure. On theoretical grounds we could expect complex systems to be hierarchies in
A breach of security through dual privilege. By extension, no person may hold a role that exercises audit, control or review authority over another, concurrently held role. Then again, a "minimal RBAC Model", RBACm, can be compared with an ACL mechanism, ACLg, where only groups are permitted as entries in the ACL. Barkley (1997) showed that RBACm and ACLg are equivalent. In modern SQL implementations, like ACL of
A business setting, a superior is a supervisor/boss and a peer is a colleague. Degree of branching refers to the number of direct subordinates or children an object has (in graph theory, equivalent to the number of other vertices a node is connected to via outgoing arcs in a directed graph). Hierarchies can be categorized based on the "maximum degree", the highest degree present in
A containment hierarchy is demonstrated in class inheritance in object-oriented programming. Two types of containment hierarchies are the subsumptive containment hierarchy and the compositional containment hierarchy. A subsumptive hierarchy "subsumes" its children, and a compositional hierarchy is "composed" of its children. A hierarchy can also be both subsumptive and compositional. A subsumptive containment hierarchy
A decision and a set of new ACI attribute values. The decision is then enforced by the AEF, which also sets the new attribute values and, in case of allowed access, provides object access to the subject. This structure requires all security-relevant system calls to be extended by AEF interception, and it needs a well-defined interface between AEF and ADF. For better modeling, a set of request types
A file on a computer desktop, one may first direct them towards the main folder, then the subfolders within the main folder. They will keep opening files within the folders until the designated file is located. For more complicated hierarchies, the stair structure represents hierarchical relationships through the use of visual stacking. Visually imagine the top of a downward staircase beginning at
A generalized nested hierarchy allows for multiple objects within levels but with each object having only one parent at each level. The general concept is both demonstrated and mathematically formulated in the following example: A square can always also be referred to as a quadrilateral, polygon or shape. In this way, it is a hierarchy. However, consider the set of polygons using this classification. A square can only be
A hierarchy is diagrammed (see below). In an organizational context, the following terms are often used related to hierarchies: In a mathematical context (in graph theory), the general terminology used is different. Most hierarchies use a more specific vocabulary pertaining to their subject, but the idea behind them is the same. For example, with data structures, objects are known as nodes, superiors are called parents and subordinates are called children. In
A hierarchy of persons. In this system, the three (or four with Algonquian languages) persons occur in a hierarchy of salience. To distinguish which is subject and which object, inverse markers are used if the object outranks the subject. On the other hand, languages include a variety of phenomena that are not hierarchical. For example, the relationship between a pronoun and a prior noun-phrase to which it refers commonly crosses grammatical boundaries in non-hierarchical ways. The structure of
A hierarchy, insofar as they are hierarchical, are to one's immediate superior or to one of one's subordinates, although a system that is largely hierarchical can also incorporate alternative hierarchies. Hierarchical links can extend "vertically" upwards or downwards via multiple links in the same direction, following a path. All parts of the hierarchy that are not linked vertically to one another nevertheless can be "horizontally" linked through
A higher-level entity can have on x's properties and interactions. Furthermore, the entities found at each level are autonomous. Kulish (2002) suggests that almost every system of organization which humans apply to the world is arranged hierarchically. Some conventional definitions of the terms "nation" and "government" suggest that every nation has a government and that every government
A lot more in their design than other access controls such as AppArmor. However, RSBAC brings its own hooking code instead of relying on the Linux Security Module (LSM). Because of this, RSBAC is technically a replacement for LSM itself, and it implements modules that are similar to SELinux, but with additional functionality. The RSBAC framework incorporates complete object status and has a full knowledge of
A matter of simply assigning appropriate roles to the user's account; this simplifies common operations, such as adding a user, or changing a user's department. Three primary rules are defined for RBAC: Additional constraints may be applied as well, and roles can be combined in a hierarchy where higher-level roles subsume permissions owned by sub-roles. With the concepts of role hierarchy and constraints, one can control RBAC to create or simulate lattice-based access control (LBAC). Thus RBAC can be considered to be
A model which evolves from RBAC to consider additional attributes in addition to roles and groups. In ABAC, it is possible to use attributes of: ABAC is policy-based in the sense that it uses policies rather than static permissions to define what is allowed or what is not allowed. Relationship-based access control or ReBAC is a model which evolves from RBAC. In ReBAC, a subject's permission to access
A musical composition is often understood hierarchically (for example by Heinrich Schenker (1768–1835, see Schenkerian analysis), and in the (1985) Generative Theory of Tonal Music, by composer Fred Lerdahl and linguist Ray Jackendoff). The sum of all notes in a piece is understood to be an all-inclusive surface, which can be reduced to successively more sparse and more fundamental types of motion. The levels of structure that operate in Schenker's theory are
A path by traveling up the hierarchy to find a common direct or indirect superior, and then down again. This is akin to two co-workers or colleagues; each reports to a common superior, but they have the same relative amount of authority. Organizational forms exist that are both alternative and complementary to hierarchy. Heterarchy is one such form. Hierarchies have their own special vocabulary. These terms are easiest to understand when
A problem. The use of parentheses is also a representation of hierarchy, for they show which operation is to be done prior to the following ones. For example: (2 + 5) × (7 - 4). In this problem, typically one would multiply 5 by 7 first, based on the rules of mathematical hierarchy. But when the parentheses are placed, one will know to do the operations within the parentheses first before continuing on with
A quadrilateral; it can never be a triangle, hexagon, etc. Nested hierarchies are the organizational schemes behind taxonomies and systematic classifications. For example, using the original Linnaean taxonomy (the version he laid out in the 10th edition of Systema Naturae), a human can be formulated as: Taxonomies may change frequently (as seen in biological taxonomy), but the underlying concept of nested hierarchies
A required general property. These level hierarchies are characterized by bi-directional causation. Upward causation involves lower-level entities causing some property of a higher-level entity; children entities may interact to yield parent entities, and parents are composed at least partly by their children. Downward causation refers to the effect that the incorporation of entity x into
A resource is defined by the presence of relationships between those subjects and resources. The advantage of this model is that it allows for fine-grained permissions; for example, in a social network where users can share posts with other specific users. The use of RBAC to manage user privileges (computer permissions) within a single system or application is widely accepted as a best practice. A 2010 report prepared for NIST by
A superset of LBAC. When defining an RBAC model, the following conventions are useful: A constraint places a restrictive rule on the potential inheritance of permissions from opposing roles. Thus it can be used to achieve appropriate separation of duties. For example, the same person should not be allowed to both create a login account and to authorize the account creation. Thus, using set theory notation: A subject may have multiple simultaneous sessions with/in different roles. The NIST/ANSI/INCITS RBAC standard (2004) recognizes three levels of RBAC: RBAC
A world in which complexity had to evolve from simplicity. System hierarchies analysis performed in the 1950s laid the empirical foundations for a field that would become, from the 1980s, hierarchical ecology. The theoretical foundations are summarized by thermodynamics. When biological systems are modeled as physical systems, in the most general abstraction, they are thermodynamic open systems that exhibit self-organised behavior, and
Is a branching hierarchy in which at least one object has two parent objects. For example, a graduate student can have two co-supervisors to whom the student reports directly and equally, and who have the same level of authority within the university hierarchy (i.e., they have the same position or tenure status). Possibly the first use of the English word hierarchy cited by the Oxford English Dictionary
Is a classification of object classes from the general to the specific. Other names for this type of hierarchy are "taxonomic hierarchy" and "IS-A hierarchy". The last term describes the relationship between each level—a lower-level object "is a" member of the higher class. The taxonomical structure outlined above is a subsumptive containment hierarchy. Using again the example of Linnaean taxonomy, it can be seen that an object that
Is a direct extrapolation of the nested hierarchy concept. All of the ordered sets are still nested, but every set must be "strict"—no two sets can be identical. The shapes example above can be modified to demonstrate this: The notation x ⊊ y means x is a subset of y but is not equal to y. A general example of
Is a flexible access control technology whose flexibility allows it to implement DAC or MAC. DAC with groups (e.g., as implemented in POSIX file systems) can emulate RBAC. MAC can simulate RBAC if the role graph is restricted to a tree rather than a partially ordered set. Prior to the development of RBAC, the Bell-LaPadula (BLP) model was synonymous with MAC and file system permissions were synonymous with DAC. These were considered to be
Is a hierarchical ordering of nested sets. The concept of nesting is exemplified in Russian matryoshka dolls. Each doll is encompassed by another doll, all the way to the outer doll. The outer doll holds all of the inner dolls, the next outer doll holds all the remaining inner dolls, and so on. Matryoshkas represent a nested hierarchy where each level contains only one object, i.e., there is only one of each size of doll;
Is a member of the level Mammalia "is a" member of the level Animalia; more specifically, a human "is a" primate, a primate "is a" mammal, and so on. A subsumptive hierarchy can also be defined abstractly as a hierarchy of "concepts". For example, with the Linnaean hierarchy outlined above, an entity name like Animalia is a way to group all the species that fit the conceptualization of an animal. A compositional containment hierarchy
Is a policy-neutral access control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments. A study by NIST has demonstrated that RBAC addresses many needs of commercial and government organizations. RBAC can be used to facilitate administration of security in large organizations with hundreds of users and thousands of permissions. Although RBAC
Is always transitive. The second requirement asserts that a hierarchy must have a leader or root that is common to all of the objects. Mathematically, in its most general form, a hierarchy is a partially ordered set or poset. The system in this case is the entire poset, which is constituted of elements. Within this system, each element shares a particular unambiguous property. Objects with
Is always the same. In many programming taxonomies and syntax models (as well as fractals in mathematics), nested hierarchies, including Russian dolls, are also used to illustrate the properties of self-similarity and recursion. Recursion itself is included as a subset of hierarchical programming, and recursive thinking can be synonymous with a form of hierarchical thinking and logic. A containment hierarchy
Is an ordering of the parts that make up a system—the system is "composed" of these parts. Most engineered structures, whether natural or artificial, can be broken down in this manner. The compositional hierarchy that every person encounters at every moment is the hierarchy of life. Every person can be reduced to organ systems, which are composed of organs, which are composed of tissues, which are composed of cells, which are composed of molecules, which are composed of atoms. In fact,
Is credited with first use of it as an abstract noun. Since hierarchical churches, such as the Roman Catholic (see Catholic Church hierarchy) and Eastern Orthodox churches, had tables of organization that were "hierarchical" in the modern sense of the word (traditionally with God as the pinnacle or head of the hierarchy), the term came to refer to similar organizational methods in secular settings. A hierarchy
Is different from MAC and DAC access control frameworks, it can enforce these policies without any complication. Within an organization, roles are created for various job functions. The permissions to perform certain operations are assigned to specific roles. Since users are not assigned permissions directly, but only acquire them through their role (or roles), management of individual user rights becomes
Is hierarchical. Sociologists can analyse socioeconomic systems in terms of stratification into a social hierarchy (the social stratification of societies), and all systematic classification schemes (taxonomies) are hierarchical. Most organized religions, regardless of their internal governance structures, operate as a hierarchy under deities and priesthoods. Many Christian denominations have an autocephalous ecclesiastical hierarchy of leadership. Families can be viewed as hierarchical structures in terms of cousinship (e.g., first cousin once removed, second cousin, etc.), ancestry (as depicted in
Is infinitely hierarchical because there is no finite bound on the number of digits that can be used after the decimal point. Organizations can be structured as a dominance hierarchy. In an organizational hierarchy, there is a single person or group with the most power or authority, and each subsequent level represents a lesser authority. Most organizations are structured in this manner, including governments, companies, armed forces, militia and organized religions. The units or persons within an organization may be depicted hierarchically in an organizational chart. In
Is thus a sequence of operations within a larger activity. RBAC has been shown to be particularly well suited to separation of duties (SoD) requirements, which ensure that two or more people must be involved in authorizing critical operations. Necessary and sufficient conditions for safety of SoD in RBAC have been analyzed. An underlying principle of SoD is that no individual should be able to effect
Is typically depicted as a pyramid, where the height of a level represents that level's status and the width of a level represents the quantity of items at that level relative to the whole. For example, the few Directors of a company could be at the apex, and the base could be thousands of people who have no subordinates. These pyramids are often diagrammed with a triangle diagram which serves to emphasize
The CakePHP framework, ACLs also manage groups and inheritance in a hierarchy of groups. Under this aspect, specific "modern ACL" implementations can be compared with specific "modern RBAC" implementations, better than "old (file system) implementations". For data interchange, and for "high level comparisons", ACL data can be translated to XACML. Attribute-based access control or ABAC is
The "postal district", consists of 18 objects (letters). The next level down is the "zone", where the objects are the digits 0–9. This is an example of an overlapping hierarchy, because each of these 10 objects has 18 parents. The hierarchy continues downward to generate, in theory, 7,200,000 unique codes of the format A0A 0A0 (the second and third letter positions allow 20 objects each). Most library classification systems are also hierarchical. The Dewey Decimal System
The Research Triangle Institute analyzed the economic value of RBAC for enterprises, and estimated benefits per employee from reduced employee downtime, more efficient provisioning, and more efficient access control policy administration. In an organization with a heterogeneous IT infrastructure and requirements that span dozens or hundreds of systems and applications, using RBAC to manage sufficient roles and assign adequate role memberships becomes extremely complex without hierarchical creation of roles and privilege assignments. Newer systems extend
The organization of life, and biomass pyramids attempt to document. While the above examples are often clearly depicted in a hierarchical form and are classic examples, hierarchies exist in numerous systems where this branching structure is not immediately apparent. For example, most postal-code systems are hierarchical. Using the Canadian postal code system as an example, the top level's binding concept,
The set/subset relations between dissipative structures can be characterized in a hierarchy. Other hierarchical representations related to biology include ecological pyramids which illustrate energy flow or trophic levels in ecosystems, and taxonomic hierarchies, including the Linnean classification scheme and phylogenetic trees that reflect inferred patterns of evolutionary relationship among living and extinct species. CGI and computer-animation programs mostly use hierarchies for models. On
The Generalized Framework for Access Control (GFAC) approach could be implemented in the UNIX System V operating system. He introduced the clear separation between Access Enforcement Facility (AEF), Access Decision Facility (ADF) with Access Control Rules (ACR), and Access Control Information (ACI). The AEF, as part of the system call function, calls the ADF, which uses ACI and the rules to return
The Linux kernel, RSBAC coming as a separate patch only. RSBAC was the first Linux role-based access control (RBAC) and mandatory access control (MAC) patch.
Role-based access control
In computer systems security, role-based access control (RBAC) or role-based security is an approach to restricting system access to authorized users, and to implementing mandatory access control (MAC) or discretionary access control (DAC). Role-based access control
The Privacy Model by Simone Fischer-Hübner. Many aspects of the system have changed a lot since then, e.g. the current framework supports more object types, includes generic list management and network access control, contains several additional security models, and supports runtime registration of decision modules and system calls for their administration. RSBAC is very close to Security-Enhanced Linux (SELinux), as they share
The degree. A flat hierarchy (also known for companies as flat organization) is a branching hierarchy in which the maximum degree approaches infinity, i.e., that has a wide span. Most often, systems intuitively regarded as hierarchical have at most a moderate span. Therefore, a flat hierarchy is often not viewed as a hierarchy at all. For example, diamonds and graphite are flat hierarchies of numerous carbon atoms that can be further decomposed into subatomic particles. An overlapping hierarchy
The direct relations between several entities (see: ACLg below). For example, an ACL could be used for granting or denying write access to a particular system file, but it wouldn't dictate how that file could be changed. In an RBAC-based system, an operation might be to 'create a credit account' transaction in a financial application or to 'populate a blood sugar level test' record in a medical application. A Role
The kernel state when making decisions, making it more flexible and reliable. However, this comes at the cost of slightly higher overhead in the framework itself. Although SELinux- and RSBAC-enabled systems have a similar impact on performance, LSM impact alone is negligible compared to the RSBAC framework alone. For this reason, LSM has been selected as the default and unique security-hooking mechanism in
The last two levels apply to all matter, at least at the macroscopic scale. Moreover, each of these levels inherits all the properties of its children. In this particular example, there are also emergent properties—functions that are not seen at the lower level (e.g., cognition is not a property of neurons but is of the brain)—and a scalar quality (molecules are bigger than atoms, cells are bigger than molecules, etc.). Both of these concepts commonly exist in compositional hierarchies, but they are not
The left and descending on the right. Child elements are towards the bottom of the stairs and parent elements are at the top. This structure represents hierarchical relationships through the use of visual stacking. In plain English, a hierarchy can be thought of as a set in which: The first requirement is also interpreted to mean that a hierarchy can have no circular relationships; the association between two objects
The older NIST RBAC model to address the limitations of RBAC for enterprise-wide deployments. The NIST model was adopted as a standard by INCITS as ANSI/INCITS 359-2004. A discussion of some of the design choices for the NIST model has also been published. Role-based access control interference is a relatively new issue in security applications, where multiple user accounts with dynamic access levels may lead to encryption key instability, allowing an outside user to exploit
The only known models for access control: if a model was not BLP, it was considered to be a DAC model, and vice versa. Research in the late 1990s demonstrated that RBAC falls in neither category. Unlike context-based access control (CBAC), RBAC does not look at the message context (such as a connection's source). RBAC has also been criticized for leading to role explosion, a problem in large enterprise systems which require access control of finer granularity than what RBAC can provide, as roles are inherently assigned to operations and data types. In resemblance to CBAC, an Entity-Relationship Based Access Control (ERBAC, although
The problem. These rules are largely dominant in algebraic problems, ones that include several steps to solve. The use of hierarchy in mathematics is beneficial to quickly and efficiently solve a problem without having to go through the process of slowly dissecting the problem. Most of these rules are now known as the proper way of solving certain equations. A nested hierarchy or inclusion hierarchy
The rules of visual hierarchy. Visual hierarchy is also important for proper organization of files on computers. An example of visually representing hierarchy is through nested clusters. Nested clusters represent hierarchical relationships using layers of information. The child element is within the parent element, such as in a Venn diagram. This structure is most effective in representing simple hierarchical relationships. For example, when directing someone to open
The same acronym is also used for modified RBAC systems, such as Extended Role-Based Access Control) system is able to secure instances of data by considering their association to the executing subject. Access control lists (ACLs) are used in traditional discretionary access-control (DAC) systems to affect low-level data objects. RBAC differs from ACL in assigning permissions to operations which change
The same level as" one another. Hierarchy is an important concept in a wide variety of fields, such as architecture, philosophy, design, mathematics, computer science, organizational theory, systems theory, systematic biology, and the social sciences (especially political science). A hierarchy can link entities either directly or indirectly, and either vertically or diagonally. The only direct links in
The same property value are grouped together, and each of those resulting levels is referred to as a class. "Hierarchy" is particularly used to refer to a poset in which the classes are organized in terms of increasing complexity. Operations such as addition, subtraction, multiplication and division are often performed in a certain sequence or order. Usually, addition and subtraction are performed after multiplication and division have already been applied to
The size differences between the levels (but not all triangle/pyramid diagrams are hierarchical; for example, the 1992 USDA food guide pyramid). An example of a triangle diagram appears to the right. Another common representation of a hierarchical scheme is as a tree diagram. Phylogenetic trees, charts showing the structure of organizations, and playoff brackets in sports are often illustrated this way. More recently, as computers have allowed
The storage and navigation of ever larger data sets, various methods have been developed to represent hierarchies in a manner that makes more efficient use of the available space on a computer's screen. Examples include fractal maps, TreeMaps and Radial Trees. In the design field, mainly graphic design, successful layouts and formatting of the content on documents are heavily dependent on
The system as a whole. Categorization in this way yields two broad classes: linear and branching. In a linear hierarchy, the maximum degree is 1. In other words, all of the objects can be visualized in a line-up, and each object (excluding the top and bottom ones) has exactly one direct subordinate and one direct superior. This is referring to the objects and not the levels; every hierarchy has this property with respect to levels, but normally each level can have an infinite number of objects. In
The weakness for unauthorized access. Key sharing applications within dynamic virtualized environments have shown some success in addressing this problem.
Hierarchy
A hierarchy (from Greek: ἱεραρχία, hierarkhia, 'rule of a high priest', from hierarkhes, 'president of sacred rites') is an arrangement of items (objects, names, values, categories, etc.) that are represented as being "above", "below", or "at
Was in 1881, when it was used in reference to the three orders of three angels as depicted by Pseudo-Dionysius the Areopagite (5th–6th centuries). Pseudo-Dionysius used the related Greek word (ἱεραρχία, hierarchia) both in reference to the celestial hierarchy and the ecclesiastical hierarchy. The Greek term hierarchia means 'rule of a high priest', from hierarches (ἱεράρχης, 'president of sacred rites, high-priest') and that from hiereus (ἱερεύς, 'priest') and arche (ἀρχή, 'first place or power, rule'). Dionysius
Was used in which all system call functionalities were to be expressed. The general structure of the GFAC has also been included in the ISO standard 10181-3 Security frameworks for open systems: Access control framework and into The Open Group standard Authorization (AZN) API. The first RSBAC prototype followed La Padula's suggestions and implemented some access control policies briefly described there, namely mandatory access control (MAC), functional control (FC) and Security Information Modification (SIM), as well as