Documentation
This page contains both user documentation and implementation papers that may
be of use when using or working on TrustedBSD.
Implementation Papers
Design white papers provide easy access to the overall design
and architecture of the TrustedBSD operating system. While
they do not provide in-depth implementation coverage, they can
be of interest to those who are new to FreeBSD, TrustedBSD, or
trusted operating systems, as well as developers.
Implementation papers are intended to provide detailed
technical documentation of work in progress, including design
and evaluation information.
Title: Capsicum: practical capabilities for UNIX
Authors: Robert N. M. Watson (University of Cambridge), Jonathan Anderson
(University of Cambridge), Ben Laurie (Google UK Ltd.), Kris Kennaway
(Google UK Ltd.)
Download: PDF
Abstract: Capsicum is a lightweight operating system capability and
sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends,
rather than replaces, UNIX APIs, providing new kernel primitives
(sandboxed capability mode and capabilities) and a userspace sandbox
API. These tools support compartmentalisation of monolithic UNIX
applications into logical applications, an increasingly common goal
supported poorly by discretionary and mandatory access control. We
demonstrate our approach by adapting core FreeBSD utilities and
Google's Chromium web browser to use Capsicum primitives, and compare
the complexity and robustness of Capsicum with other sandboxing
techniques.

Title: The FreeBSD Audit System
Authors: Robert N. M. Watson (University of Cambridge, TrustedBSD Project),
Wayne Salamon (TrustedBSD Project)
Venue: UKUUG LISA Conference, Durham, UK, March 2006
Download: PDF
Abstract: This paper describes the Common Criteria security event
auditing implementation added to the FreeBSD operating system by the
TrustedBSD Project. Audit is a critical element in operating system
security evaluation and operation, but both the standards-based and
operational requirements are complex. This paper describes the
requirements, FreeBSD kernel implementation, extensible file format
adopted from OpenSolaris BSM, mechanisms used for processing and
maintaining the audit trail, and the OpenBSM audit library and tool
set. Of importance is not just the content of audit records, but
also the reliability guarantees associated with the queuing and
delivery mechanisms.

Title: Security-Enhanced BSD
Authors: Chris Vance (Network Associates Laboratories), Robert Watson
(Network Associates Laboratories)
Venue: Network Associates Laboratories Technical Report, Rockville, MD,
July 9, 2003
Download: PDF
Abstract: Network Associates Laboratories has completed an initial
port of the Flask security architecture and other components of
Security Enhanced Linux (SELinux) to the FreeBSD operating system.
This project, called Security Enhanced BSD (SEBSD), started with
the TrustedBSD MAC Framework and integrated the Flask access
vector cache and security server to make policy decisions. Then,
support was added to the kernel to manage security fields and
enforce permissions on files and processes. To demonstrate the
resulting kernel functionality, a policy compiler and file system
label management tools were ported. Also, modifications to login,
ls, and the ps program were integrated into the corresponding
FreeBSD programs. This paper discusses the TrustedBSD MAC Framework,
label management, access control checks, and differences between
SEBSD and SELinux.

Title: The TrustedBSD MAC Framework: Extensible Kernel Access Control
for FreeBSD 5.0
Authors: Robert Watson (Network Associates Laboratories / FreeBSD Project),
Wayne Morrison (Network Associates Laboratories), Chris Vance (Network
Associates Laboratories), Brian Feldman (FreeBSD Project)
Venue: USENIX Annual Technical Conference, San Antonio, TX, June 2003
Download: PDF
Abstract: We explore the requirements, design, and
implementation of the TrustedBSD MAC Framework.
The TrustedBSD MAC Framework, integrated into FreeBSD 5.0,
provides a flexible framework for kernel access control
extension, permitting extensions to be introduced
more easily, and avoiding the need for direct modification of
distributed kernel sources.
We also consider the performance impact of the Framework on the
FreeBSD 5.0 kernel in several test environments.

Title: Design and Implementation of the TrustedBSD MAC Framework
Authors: Robert Watson (Network Associates Laboratories / FreeBSD Project),
Brian Feldman (Network Associates Laboratories / FreeBSD Project),
Adam Migus (Network Associates Laboratories), Chris Vance (Network
Associates Laboratories)
Venue: Third DARPA Information Survivability Conference and Exhibition
(DISCEX3), proceedings published by IEEE, Washington, DC, April 2003
Download: PDF
Abstract: Developing access control extensions for operating systems
is an expensive and time-consuming task. Mechanisms available for
access control extension lag behind industry standard extension
solutions for file systems, process schedulers, and device drivers,
and suffer from a number of serious flaws in modern multi-processor,
multi-threaded kernels. In this paper, we explore the limitations
of current technologies for security extension. We describe
the TrustedBSD MAC Framework, a flexible and modular environment
for operating system access control extensions on the open source
FreeBSD platform. The TrustedBSD MAC Framework permits extensions
to be introduced at compile-time, boot-time, or at run-time, and
provides a number of services to support dynamically introduced
policies, including policy-agnostic object labeling services and
application interfaces. We discuss the design and implementation of
the framework, as well as an implementation of a fixed-label
Biba integrity policy based on the framework.

Title: TrustedBSD: Adding Trusted Operating System Features to
FreeBSD
Authors: Robert Watson (Network Associates Laboratories / FreeBSD Project)
Venue: USENIX Technical Conference, Boston, MA, June 28, 2001
Download: PDF
Abstract: Trusted operating systems provide a "next level" of system
security, offering both new security features and higher
assurance that they are properly implemented. TrustedBSD
is an on-going project to integrate a number of trusted OS
features into the open source FreeBSD operating system,
and involves both architectural and development process
improvements. This paper describes how the open source
development practices of the FreeBSD Project impacted the
design and implementation choices for these features,
and describes lessons learned that will influence future
work. Several key TrustedBSD features are discussed as
examples of how new security services may be introduced in
such an environment.

Title: Introducing Supporting Infrastructure for Trusted Operating
System Support in FreeBSD
Authors: Robert Watson (FreeBSD Project)
Venue: BSDCon 2000, Monterey, CA, September 8, 2000
Download: PDF
Abstract: Trusted operating systems provide a number of features
beyond the standard discretionary access control policies of
commercial, off-the-shelf operating systems. These include features
such as fine-grained event auditing, least-privilege design,
mandatory access control policies, and extensive design
documentation. The TrustedBSD project is adding trusted operating
system features to FreeBSD, an open source UNIX-like operating
system under a liberal license. However, TrustedBSD requires
extensive changes to the access control mechanisms in FreeBSD. At
this point in the project, we have implemented file system extended
attributes for storing security labels on files, revamped internal
handling of privilege in the operating systems, and are working on
an improved generalized access control system.