Future Goals
There are a few things planned for the future:
- Everlasting: Improve documentation - there are man pages, concept and detail
descriptions, how-tos, examples and other stuff missing (volunteers?)
- Change socket object identification, making them permanent to allow real network access
control. Planned for 1.2.0.
- Add optional redirection for all filesystem objects. Must be carefully planned, because
for the first time internal kernel data structures are going to be modified. Will thus
break original RSBAC design goal. Maybe in 1.2.0
- PM update and menu based administration. Planned for 1.2.0
- Improve recovering from system crashes - it is still possible (though unlikely) to loose
attributes, if system crashed while writing to /rsbac dir.
- Improve attribute access performance by further list separation. Planned for 1.2.0.
- Finish user and password management daemon enforcement (AUTH module), inspired by an
idea of Julio Sanchez. Misses a bit of helper stuff, like PAM stubs etc. Kernel part is
finished, though.
- Further improve Linux security specially as internet server system, addressing special
needs for that. The (improved) Role Compatibility, the AUTH and the ACL model can help a
lot here.
- Some day, if ever: Meet B1 security requirements. Now that MAC categories and secure
delete are implemented the way has shortened, but it is not really urgent though, since
Orange Book is far out of date.
Questions,
tips, etc.
27-Aug-01, -ao