User:Doktor Who/Archive001/TrustedBSD

The TrustedBSD project provides a set of trusted operating system extensions to the FreeBSD operating system, begun primarily by Robert Watson. The goal of the project has been implementing concepts from the Common Criteria for Information Technology Security Evaluation and the Orange Book. This project is still under development, and many of these trusted extensions have been integrated into the FreeBSD 5.x, 6.x, and now 7.x current development track.

The main focuses of the TrustedBSD project are working on access control lists, event auditing, extended attributes, fine-grained capabilities, and mandatory access controls. As part of the TrustedBSD project, there is also a port of the NSA's FLASK/TE implementation in SELinux to run on FreeBSD. More recent work includes the development of OpenBSM, an open source implementation of Sun's Basic Security Module (BSM) API and file format for audit logs, which supports an extensive security audit system that will be shipped as part of FreeBSD 6.1.

While most components of the TrustedBSD project are eventually folded into the main sources for FreeBSD, this is not their only destination. Many features, once fully matured, find their way into OpenBSD and Apple Computer's Darwin.

• Security focused operating system
• Capability (computers)
• Capabilities vs. ACLs
• Computer security
• Security engineering
• FreeBSD
• OpenBSM
• bug.lv

• TrustedBSD Website
• OpenBSM Website

• FreeBSD Handbook: Security Event Auditing
• FreeBSD Handbook: File System Access Control Lists
• FreeBSD Handbook: Mandatory Access Control (MAC)
• FreeBSD Developer's Handbook: The TrustedBSD MAC Framework