Title :
Design and implementation of the TrustedBSD MAC framework
Author :
Watson, Robert ; Feldman, Brian ; Migus, Adam ; Vance, Chris
Author_Institution :
Network Associates Labs., Rockville, MD, USA
Abstract :
Developing access control extensions for operating systems is an expensive and time-consuming task. Mechanisms available for access control extension lag behind industry standard extension solutions for file systems, process schedulers, and device drivers, and suffer from a number of serious flaws in modern multi-processor, multi-threaded kernels. In this paper we explore the limitations of current technologies for security extension. We describe the TrustedBSD MAC Framework, a flexible and modular environment for operating system access control extensions on the open source FreeBSD platform. The TrustedBSD MAC Framework permits extensions to be introduced at compile-time, boot-time, or at run-time, and provides a number of services to support dynamically introduced policies, including policy-agnostic object labeling services and application interfaces. We discuss the design and implementation of the framework, as well as an implementation of a fixed-label Biba integrity policy based on the framework.
Keywords :
authorisation; operating system kernels; public domain software; TrustedBSD MAC Framework; application interfaces; boot time extension; compile time extension; fixed-label Biba integrity policy; multi-processor multi-threaded kernels; open source FreeBSD platform; operating system access control extensions; policy-agnostic object labeling services; run time; Access control; Electrical equipment industry; File systems; Industrial control; Job shop scheduling; Kernel; Modems; Operating systems; Runtime; Security;
Conference_Title :
DARPA Information Survivability Conference and Exposition, 2003. Proceedings
Print_ISBN :
0-7695-1897-4
DOI :
10.1109/DISCEX.2003.1194871