[rsbac] RSBAC RC vs. SELinux
ao at rsbac.org
Sun Dec 28 12:27:17 CET 2003
On Sonntag, 28. Dezember 2003 01:25, Arnout Engelen wrote:
> On Sat, Dec 27, 2003 at 11:57:15PM +0100, Deim Agoston wrote:
> > I've just read through a study about NSA'S SELinux and I've got the
> > feeling that the RC module and SELinux's TE+RBAC mode are _very_
> > similar. Not the same but very similar. Is there a comparsion or study
> > between the two (benchmarks etc.) or I should create one if I want to
> > start to compare them? I know the best way is to compare them by myself
> > and study but I'm curious about other's opinion (notth blind myself with
> > my opinion).
> some googling reveals this thread:
> since this seems to be slowly becoming a faq, it might be nice if
> someone rewrote the contents of that thread into a nice-to-read article.
> maybe, since you're evaluating the two anyway, you'd be interested in
> giving that a shot?
This old discussion mostly between Stephen Smalley and me is not a good
background for a neutral comparison. It is only based on the SELinux focus on
security. It is outdated in many respects. It is misleading, because it only
moves along Stephen's claims, many of which I proved to be wrong (this was my
reason to step in at that time).
Really, I do not want to repeat this old discussion. If a new comparison has
to be written, please let it start from a neutral base with fair assumptions.
I will answer Deim's questions from my personal point of view, without
claiming anything beyond what I believe to be clearly visible.
In general, RC model covers the important aspects of the SELinux model (which
only combines parts of RBAC and TE BTW) without its excessive complexity. On
the other hand, RC adds some important features that are clearly missing in
the SELinux model, e.g. a strong separation of duty for administration.
Most of the other RSBAC models (or the simpler decision modules) add
functionality, which can not or not easily be expressed with SELinux. Just
think of emulating ACLs, on-access virus scanning or resource control and
Posix capability administration - what a mess with a role based model, even
if it is possible at all. Sorry, Stephen, IMHO this is ridiculous.
As Peter stated, the flexible combination of models allows to achive more
security with less complexity. One strength of the RSBAC framework is to
allow such a combination with minimal effort - you can even add your own
model at runtime, if you want (and your RSBAC kernel config allows to do so).
One size does _not_ fit all, and some people even prefer a choice in colors...
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac