[rsbac] RSBAC RC vs. SELinux

Amon Ott ao at rsbac.org
Sun Dec 28 12:27:17 CET 2003 

On Sonntag, 28. Dezember 2003 01:25, Arnout Engelen wrote:
> On Sat, Dec 27, 2003 at 11:57:15PM +0100, Deim Agoston wrote:
> > I've just read through a study about NSA'S SELinux and I've got the
> > feeling that the RC module and SELinux's TE+RBAC mode are _very_
> > similar. Not the same but very similar. Is there a comparsion or study
> > between the two (benchmarks etc.) or I should create one if I want to
> > start to compare them? I know the best way is to compare them by myself
> > and study but I'm curious about other's opinion (notth blind myself with
> > my opinion).
> 
> some googling reveals this thread:
> 
>   http://marc.theaimsgroup.com/?l=selinux&m=98618795624462&w=2
> 
> since this seems to be slowly becoming a faq, it might be nice if
> someone rewrote the contents of that thread into a nice-to-read article.
> maybe, since you're evaluating the two anyway, you'd be interested in
> giving that a shot?

This old discussion mostly between Stephen Smalley and me is not a good 
background for a neutral comparison. It is only based on the SELinux focus on 
security. It is outdated in many respects. It is misleading, because it only 
moves along Stephen's claims, many of which I proved to be wrong (this was my 
reason to step in at that time).

Really, I do not want to repeat this old discussion. If a new comparison has 
to be written, please let it start from a neutral base with fair assumptions.  
I will answer Deim's questions from my personal point of view, without 
claiming anything beyond what I believe to be clearly visible.

In general, RC model covers the important aspects of the SELinux model (which 
only combines parts of RBAC and TE BTW) without its excessive complexity. On 
the other hand, RC adds some important features that are clearly missing in 
the SELinux model, e.g. a strong separation of duty for administration.

Most of the other RSBAC models (or the simpler decision modules) add 
functionality, which can not or not easily be expressed with SELinux. Just 
think of emulating ACLs, on-access virus scanning or resource control and 
Posix capability administration - what a mess with a role based model, even 
if it is possible at all. Sorry, Stephen, IMHO this is ridiculous.

As Peter stated, the flexible combination of models allows to achive more 
security with less complexity. One strength of the RSBAC framework is to 
allow such a combination with minimal effort - you can even add your own 
model at runtime, if you want (and your RSBAC kernel config allows to do so).

One size does _not_ fit all, and some people even prefer a choice in colors...

Amon.
-- 
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22

More information about the rsbac mailing list