Corpus ID: 2282791

The TrustedBSD MAC Framework: Extensible Kernel Access Control for FreeBSD 5.0

@inproceedings{Watson2003TheTM,
  title={The TrustedBSD MAC Framework: Extensible Kernel Access Control for FreeBSD 5.0},
  author={R. Watson and W. Morrison and Chris Vance and Brian Feldman},
  booktitle={USENIX Annual Technical Conference, FREENIX Track},
  year={2003}
}
We explore the requirements, design, and implementation of the TrustedBSD MAC Framework. The TrustedBSD MAC Framework, integrated into FreeBSD 5.0, provides a flexible framework for kernel access control extension, permitting extensions to be introduced more easily, and avoiding the need for direct modification of distributed kernel sources. We also consider the performance impact of the Framework on the FreeBSD 5.0 kernel in several test environments. 
Shamon: A System for Distributed Mandatory Access Control
TLDR
An approach to securing distributed computation based on a shared reference monitor (Shamon) that enforces mandatory access control policies across a distributed set of machines and shows that distributed computations can be protected and controlled coherently across all the machines involved in the computation.
FreeBSD Mandatory Access Control Usage for Implementing Enterprise Security Policies
TLDR
This tutorial paper addresses exploiting FreeBSD's classic MAC implementation to enforce typical enterprise security policies of varying complexities.
New approaches to operating system security extensibility
TLDR
This dissertation proposes new approaches to commodity computer operating system (OS) access control extensibility that address historic problems with concurrency and technology transfer, and proposes two security extension models: the TrustedBSD Mandatory Access Control (MAC) Framework, a flexible kernel access control extension framework for the FreeBSD kernel, and Capsicum, practical capabilities for UNIX.
Design and Implementation of a Forced Encryption Kernel Module
TLDR
An LKM is designed and implemented that applies forced encryption to the data that is transmitted to an external storage media and has advantages of fast encryption in kernel space, easy activation/deactivation of the functionality and the possibility to easily share encrypted files within an authorized group.
Protection of Program Integrity Based on Trusted Computing
  • Xiang Ling, Li Wan, Guoqing Wu
  • Computer Science
  • 2010 Second International Conference on Networks Security, Wireless Communications and Trusted Computing
  • 2010
TLDR
Biba model with the access of execution is extended, integrity protection framework based on trusted platform is proposed, and the application of integrity protection on architectures of mainstream platforms is discussed.
Mandatory Access Control at the Object Level in the Java Virtual Machine
For decades, secure operating systems have incorporated mandatory access control (MAC) techniques. Surprisingly, mobile-code platforms such as the Java Virtual Machine (JVM) and the .NET Common
Static Analysis of a Class of Memory Leaks in TrustedBSD MAC Framework
TLDR
This paper analyzes the security labels management of the TrustedBSD MAC framework and presents a path-sensitive static analysis approach to detect potential memory leaks caused by the security label management.
Practical, Dynamic Information-flow for Virtual Machines
For decades, secure operating systems have incorporated mandatory access control (MAC) techniques. Surprisingly, mobile-code platforms such as the Java Virtual Machine (JVM) and the .NET Common
A component-based policy-neutral architecture for kernel-level access control
TLDR
This work presents a policy-neutral access control architecture called CRACKER (Component-based Reconfigurable Access Control for KERnels) for component-based operating systems, and illustrates how flexible kernel authorization can be realized while maintaining acceptable system performance.
Information flow control for standard OS abstractions
TLDR
Flume is presented, a new DIFC model that applies at the granularity of operating system processes and standard OS abstractions (e.g., pipes and file descriptors), designed for simplicity of mechanism, to ease DIFC's use in existing applications, and to allow safe interaction between conventional and DIFC-aware processes.

References

SHOWING 1-10 OF 36 REFERENCES
Integrating Flexible Support for Security Policies into the Linux Operating System
TLDR
The National Security Agency worked with Secure Computing Corporation to develop a flexible MAC architecture called Flask to overcome the limitations of traditional MAC, and implemented this architecture in the Linux operating system, producing a Security-Enhanced Linux (SELinux) prototype.
LOMAC: Low Water-Mark integrity protection for COTS environments
  • T. Fraser
  • Computer Science
  • Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000
  • 2000
We hypothesize that a form of kernel-resident access control based integrity protection can gain widespread acceptance in commercial off-the-shelf (COTS) environments, provided that it couples some
Improving Host Security with System Call Policies
TLDR
This paper discusses the methodology and design of privilege separation, a generic approach that lets parts of an application run with different levels of privilege, and illustrates how separation of privileges reduces the amount of OpenSSH code that is executed with special privilege.
The Flask Security Architecture: System Support for Diverse Security Policies
TLDR
This paper presents an operating system security architecture that solves the problems of controlling the propagation of access rights, enforcing fine-grained access rights and supporting the revocation of previously granted access rights.
Hardening COTS software with generic software wrappers
TLDR
The paper presents techniques for developing Generic Software Wrappers-protected, non-bypassable kernel-resident software extensions for augmenting security without modification of COTS source.
Feldman. Hardening COTS software with generic software wrappers. In
  • IEEE Symposium on Security and Privacy,
  • 1999
Secure computer systems: Mathematical foundations and model
  • Technical Report M74-244,
  • 1973
TrustedBSD: Adding Trusted Operating System Features to FreeBSD
  • R. Watson
  • Computer Science
  • USENIX Annual Technical Conference, FREENIX Track
  • 2001
TrustedBSD: Adding Trusted Operating System Features to FreeBSD
  • In Proceedings of the USENIX Annual Technical Conference,
  • 2001
Common criteria version 2
  • Common criteria version 2
  • 2000