欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/ACL2, C++/F#/Lisp
TrustedBSD
来自开放百科 - 灰狐
The TrustedBSD project provides a set of trusted operating system extensions to the FreeBSD operating system, targeting the Common Criteria for Information Technology Security Evaluation (CC). This project is still under development, and much of the code is destined to make its way back into the base FreeBSD operating system. This Web site will provide access to documentation, code relating to features that are still under development, and code that has its fingers in too many places to justify integrating into the base operating system. Targeted features include:
- Extensible and audited authorization framework to support access control modules. This framework provides general-purpose labeling of kernel subjects/objects, centralized policy management, and access to a variety of run-time security events. This will allow the compile-time, boot-time, and run-time extension of the operating system security model based in both TrustedBSD access control modules, and third-party modules that employ the extension framework.
- Mandatory access control modules based on the framework supporting a variety of access control models, including fixed and floating label Biba integrity policies, the MLS confidentiality policy, Type Enforcement, and other customized policies designed for common FreeBSD deployment scenarios. In addition, the SELinux FLASK and Type Enforcement implementations will be provided via an SEBSD module, providing access to the higher level FLASK service abstraction, and mature TE implementation.
- Improvements in system privilege to reduce the level of risk associated with common system management functions.
- Access control lists for the file system and other kernel resources allowing fine-grained and manageable discretionary access control.
- Event auditing support, OpenBMS audit API and audit trail file format, and single-host modular IDS system to monitor security events and notify administrators in the event of irregularities.
分享您的观点