Design and Implementation of the TrustedBSD MAC Framework

Washington, DC April 22-April 24

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/DISCEX.2003.1194871

DARPA Information Survivability Confe ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Robert Watson Articles by Brian Feldman Articles by Adam Migus Articles by Chris Vance

	ASCII Text	x
	Robert Watson, Brian Feldman, Adam Migus, Chris Vance, "Design and Implementation of the TrustedBSD MAC Framework," DARPA Information Survivability Conference and Exposition,, vol. 1, pp. 38, DARPA Information Survivability Conference and Exposition - Volume I, 2003.

	BibTex	x
	@article{ 10.1109/DISCEX.2003.1194871, author = {Robert Watson and Brian Feldman and Adam Migus and Chris Vance}, title = {Design and Implementation of the TrustedBSD MAC Framework}, journal ={DARPA Information Survivability Conference and Exposition,}, volume = {1}, year = {2003}, issn = {2003102155}, pages = {38}, doi = {http://doi.ieeecomputersociety.org/10.1109/DISCEX.2003.1194871}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - DARPA Information Survivability Conference and Exposition, TI - Design and Implementation of the TrustedBSD MAC Framework SN - 2003102155 SP EP A1 - Robert Watson, A1 - Brian Feldman, A1 - Adam Migus, A1 - Chris Vance, PY - 2003 KW - null VL - 1 JA - DARPA Information Survivability Conference and Exposition, ER -

Robert Watson, Network Associates Laboratories

Brian Feldman, Network Associates Laboratories

Adam Migus, Network Associates Laboratories

Chris Vance, Network Associates Laboratories

Developing access control extensions for operating systems is an expensive and time-consuming task. Mechanisms available for access control extension lag behind industry standard extension solutions for file systems, process schedulers, and device drivers, and suffer from a number of serious flaws in modern multi-processor, multi-threaded kernels. In this paper, we explore the limitations of current technologies for security extension. We describe the TrustedBSD MAC Framework, a flexible and modular environment for operating system access control extensions on the open source FreeBSD platform. The TrustedBSD MAC Framework permits extensions to be introduced at compile-time, boot-time, or at run-time, and provides a number of services to support dynamically introduced policies, including policy-agnostic object labeling services and application interfaces. We discuss the design and implementation of the framework, as well as the an implementation of a fixed-label Biba integrity policy based on the framework.

Citation:

Robert Watson, Brian Feldman, Adam Migus, Chris Vance, "Design and Implementation of the TrustedBSD MAC Framework," discex, vol. 1, pp.38, DARPA Information Survivability Conference and Exposition - Volume I, 2003

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.