head 1.22; access; symbols; locks; strict; comment @# @; 1.22 date 2006.02.13.14.26.31; author rwatson; state dead; branches; next 1.21; 1.21 date 2005.04.29.10.25.02; author rwatson; state Exp; branches; next 1.20; 1.20 date 2003.12.07.23.43.54; author rwatson; state Exp; branches; next 1.19; 1.19 date 2003.12.07.23.41.53; author rwatson; state Exp; branches; next 1.18; 1.18 date 2003.12.07.23.23.08; author rwatson; state Exp; branches; next 1.17; 1.17 date 2003.09.22.16.06.51; author rwatson; state Exp; branches; next 1.16; 1.16 date 2003.08.01.14.36.43; author rwatson; state Exp; branches; next 1.15; 1.15 date 2003.08.01.14.32.53; author rwatson; state Exp; branches; next 1.14; 1.14 date 2003.04.20.16.02.06; author rwatson; state Exp; branches; next 1.13; 1.13 date 2002.12.23.22.34.04; author rwatson; state Exp; branches; next 1.12; 1.12 date 2002.11.30.14.35.24; author rwatson; state Exp; branches; next 1.11; 1.11 date 2002.11.22.22.53.02; author chris; state Exp; branches; next 1.10; 1.10 date 2002.11.11.04.56.10; author rwatson; state Exp; branches; next 1.9; 1.9 date 2002.11.05.17.09.22; author rwatson; state Exp; branches; next 1.8; 1.8 date 2002.07.03.00.56.57; author rwatson; state Exp; branches; next 1.7; 1.7 date 2002.07.01.04.08.38; author chris; state Exp; branches; next 1.6; 1.6 date 2002.06.23.01.51.24; author chris; state Exp; branches; next 1.5; 1.5 date 2002.05.22.11.30.08; author rwatson; state Exp; branches; next 1.4; 1.4 date 2002.05.22.11.23.06; author rwatson; state Exp; branches; next 1.3; 1.3 date 2002.05.16.01.27.02; author rwatson; state Exp; branches; next 1.2; 1.2 date 2002.05.02.22.23.43; author chris; state Exp; branches; next 1.1; 1.1 date 2002.05.02.00.31.14; author chris; state Exp; branches; next ; desc @@ 1.22 log @Remove TrustedBSD web page from CVS -- it's now being maintained in P4 so that non-committers can help maintain it. The new path is: //depot/projects/trustedbsd/www/... 
@ text @ Components $FreeBSD: projects/trustedbsd/www/components.page,v 1.21 2005/04/29 10:25:02 rwatson Exp $
Components

Code associated with the TrustedBSD Project is generally under a two-clause BSD-style license, permitting broad open source, closed source, non-commercial, and commercial reuse. For more information on licensing, see Legal Information. All code currently available for download on this page is extremely experimental, and not intended for use by those who are not experienced kernel programmers. Comments on code, as well as on new features and bug fixes, are welcome.

TrustedBSD is developed in a Perforce repository, and is made available via CVSup server cvsup10.FreeBSD.org. A sample supfile is available. See the list below for information on the collection names associated with the various development branches. As features reach maturity, they are merged into the main FreeBSD development tree, and in some cases, have also been adopted into the OpenBSD and Darwin development trees.

To subscribe to the trustedbsd-cvs mailing list, see the instructions on the mailing lists page. This provides access to CVS and Perforce commit messages associated with development occurring in the TrustedBSD development trees, including the Base (vendor) branch, Capabilities branch, Audit branch, MAC branch, SEBSD branch, and SEDarwin branch.

There are seven main branches of TrustedBSD development:

Access Control Lists

Access control lists allow more fine-grained discretionary access controls to be placed on files and directories. Currently, ACLs are backed to extended attributes on UFS file systems. An extended attribute implementation was layered onto UFS1, and a native implementation is available as part of UFS2. The finished ACL implementation has been available as part of FreeBSD since the 5.0 release. Some further application adaptation work is on-going, and is taking place in the FreeBSD development tree.

Event Auditing and OpenBSM

Collection: p4-cvs-trustedbsd-audit3

Event auditing permits the selective logging of security-relevant system events for the purposes of analysis. Several experimental implementations of audit for FreeBSD have been explored; the current implementation is based on OpenBSM, an open source implementation of Sun's Basic Security Module (BSM) API and file format donated by Apple Computer, Inc.

Extended Attributes

Extended attributes allow the kernel and userland processes to tag files with arbitrary named data. This provides a location to store the extensive security data required for the various TrustedBSD security extensions, including ACLs, capabilities and MAC labels. Extended attribute support has been developed for FreeBSD's UFS1 file system and integrated with the FreeBSD development tree, and was included in FreeBSD 5.0. UFS2 was implemented to provide improved performance and reliability for extended attributes, and has been available since FreeBSD 5.0. UFS2 became the default in FreeBSD 5.1, and is the recommended file system for TrustedBSD functionality.

Fine-Grained Capabilities

Collection: p4-cvs-trustedbsd-cap

Capabilities provide support for fine-grained process capabilities to authorize non-root processes to access privileged system resources, reducing requirements for a superuser account, and reducing risk in the event of compromise. The capabilities development branch is largely complete, but is based on an older FreeBSD 5.0-CURRENT snapshot. Elements of this implementation are being updated for FreeBSD 5.2 and will be available in 2003Q3 as part of the MAC Framework.

Mandatory Access Control

Collection: p4-cvs-trustedbsd-mac

Mandatory access controls extend discretionary access controls by allowing administrators to enforce additional security for all subjects (e.g. processes or sockets) and objects (e.g. sockets, file system objects, sysctl nodes) in the system. Development of those new access control models is facilitated by the development of a flexible kernel access control extension framework, the TrustedBSD MAC Framework. This permits new access control models to be introduced as kernel modules.

More information on the TrustedBSD MAC Framework and available policy modules, including Biba integrity, Multi-Level Security (MLS), and a port of NSA's FLASK architecture and Type Enforcement to FreeBSD, may be found on the MAC page.

Security-Enhanced BSD (SEBSD)

Collection: p4-cvs-trustedbsd-sebsd

More information on the port of NSA's FLASK/TE implementation in SELinux to run on FreeBSD as a plug-in module to the MAC Framework may be found on the SEBSD page.

Security-Enhanced Darwin (SEDarwin)

Collection: p4-cvs-trustedbsd-sedarwin

More information on the port of the TrustedBSD MAC Framework, sample policy modules, and SEBSD policy module to Apple's Darwin operating system may be found on the SEDarwin page.

@ 1.21 log @Update audit P4 pointer, dates, and add a pointer to OpenBSM. @ text @d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.20 2003/12/07 23:43:54 rwatson Exp $ @ 1.20 log @s/six/seven/ for the number of branches. @ text @d2 1 a2 1 Copyright (c) 2000, 2001 Robert N. M. Watson d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.19 2003/12/07 23:41:53 rwatson Exp $ d96 1 a96 1

Event Auditing

d102 1 a102 1 p4-cvs-trustedbsd-audit d108 4 a111 4 for FreeBSD have been explored, but currently there is no production-track implementation under active development. We hope to remedy this problem in 2003Q3.

@ 1.19 log @Break out the page on the TrustedBSD MAC Framework into a separate web page from the Components page, and reference it appropriately. Attempt to consistently refer to it with "TrustedBSD" in front. @ text @d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.18 2003/12/07 23:23:08 rwatson Exp $ d77 1 a77 1

There are six main branches of TrustedBSD development:

@ 1.18 log @Add sedarwin.page, a description of the experimental port of the MAC Framework and SEBSD policy module to Apple's Darwin operating system, as well as a reference on the Components web page. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research @ text @d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.17 2003/09/22 16:06:51 rwatson Exp $ d174 5 a178 27

Currently, modules exist that implement MLS (Multi-Level Security), a fixed-label Biba integrity policy, Type Enforcement, and several other security policies that reflect common requirements of typical FreeBSD deployment environments, such as mandatory limits on inter-user visibility in multi-user environments. The current implementation of Low-Watermark MAC (LOMAC) will also be ported to use the module framework. In addition, the DARPA-funded Network Associates Laboratories' CBOSS Project is porting the NSA FLASK/SELinux implementation (SEBSD) to run as an extension model over the TrustedBSD MAC Framework.

This work is primarily occuring in a TrustedBSD Perforce branch, but much of the framework has been merged to the main FreeBSD development tree and was included in FreeBSD 5.0 and forwards. The current implementation is appropriate for experimental or limited production use; both internal and exposed MAC APIs will not be frozen until 5.2-RELEASE. All policy modules with the exception of the SEBSD implementation have been merged into the FreeBSD tree at this point.

Work has also recently begun on an experimental port of the TrustedBSD MAC Framework from FreeBSD to Apple's Darwin operating system. Information on this port may be found below.

@ 1.17 log @Break the SEBSD description out onto its own page, since we'll be posting a fair amount more information there over the next few weeks. Improve the description of the status of the SEBSD MAC module work, as well as document that we (NAI Labs) intend to do a snapshot release of the SEBSD work in October, 2003. Update the sidebar to take these changes into account. @ text @d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.16 2003/08/01 14:36:43 rwatson Exp $ d75 1 a75 1 branch, and SEBSD branch.

d196 5 d217 16 @ 1.16 log @Add

in
headings to make them their own paragraphs. @ text @d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.15 2003/08/01 14:32:53 rwatson Exp $ d208 4 a211 18

SEBSD is a port of NSA's FLASK/TE implementation in SELinux to run on FreeBSD as a plug-in module to the MAC Framework, as well as the policy files and necessary adaptations of FreeBSD's userland applications. At the time of this writing, the SEBSD module can be attached to the kernel and run in enforcing mode using a sample policy; many but not all relevant userland applications have been updated to properly interact with FLASK security contexts, including the login program. The FLASK implementation provides access to Type Enforcement (TE), as well as RBAC and a second MLS policy implementation.

The FLASK/TE implementation provided by NSA, SCC, and Network Associates Laboratories, is licensed under the GNU Public License (GPL), and will be distributed seperately from the remainder of the TrustedBSD components. However, these components are available as source code module that plugs into the MAC Framework.
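
Review bot: in the second paragraph of the text added at a211, the license is called the "GNU Public License"; its name is the GNU General Public License. The same paragraph has "seperately" for "separately", and "available as source code module" is missing an article ("as a source code module").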

@ 1.15 log @Update components page with FreeBSD release information; expand on some definitions and text. Add reference to the ongoing SEBSD port of the NSA SELinux FLASK/TE/... implementation to FreeBSD using the TrustedBSD MAC Framework, with checkout instructions. @ text @d4 1 a4 1 Copyright (c) 2002 Networks Associates Technology, Inc. d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.14 2003/04/20 16:02:06 rwatson Exp $ d81 1 a81 1
Access Control Lists
d96 1 a96 1
Event Auditing
d115 1 a115 1
Extended Attributes
d134 1 a134 1
Fine-Grained Capabilities
d155 1 a155 1
Mandatory Access Control
d199 1 a199 1
Security-Enhanced BSD (SEBSD)
@ 1.14 log @Update status of various components with respect to FreeBSD 5.0-RELEASE. @ text @d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.13 2002/12/23 22:34:04 rwatson Exp $ d49 9 a57 7 a two-clause BSD-style license, meaning that it is about as free as it can be. For more information on licensing, see Legal Information. All code currently available for download on this page is extremely experimental, and not intended for use by those who are not experienced kernel programmers. Comments on code, as well as on new features and bug fixes, are welcome.

d62 1 a62 1 server cvsup10.FreeBSD.org. A There are five main branches of TrustedBSD development:

d86 1 a86 1 Currently, ACLs are backed to extended attributes on FFS file d89 4 a92 4 of UFS2. All ACL development now takes place in the standard FreeBSD 5.x-CURRENT development branch. This work is fairly mature, and has been available for production use in FreeBSD 5.0 since 2003Q1.

d123 8 a130 8 attribute development now takes place in the standard FreeBSD 5.0-CURRENT development branch. This work now includes the development of UFS2 as part of the DARPA-funded Network Associates Laboratories' CBOSS Project. UFS2 will provide improved performance and reliability for EA-backed services, including ACLs, Capabilities, and MAC. This work is fairly mature, and will be appropriate for production use following FreeBSD 5.0-RELEASE.

d143 9 a151 11

Capabilities provide support for fine-grained process capabilities to authorize non-root processes to access privileged system resources, reducing requirements for a superuser account, and reducing risk in the event of compromise. Available code provides an initial framework for managing capabilities, and backing of capabilities for executable files in extended attributes is fully supported, but not all capabilities are fully implemented. An integration plan for the main tree has not yet been developed, although elements of this work are making their way into the MAC implementation.

d185 3 a187 1 This work is primarily occuring in a TrustedBSD Perforce d189 7 a195 7 main FreeBSD development tree for inclusion in FreeBSD 5.0-RELEASE. The implementation present in 5.0-RELEASE will be appropriate for experimental or limited production use; both internal and exposed MAC APIs will not be frozen until 5.2-RELEASE. Most current features of the MAC Framework, with the exception of SEBSD, have been merged to the main FreeBSD tree at this point.

d197 30 a230 1 @ 1.13 log @Generally spell NAI Labs as Network Associates Laboratories for consistency; remove third clause of license per NETA permission. @ text @d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.12 2002/11/30 14:35:24 rwatson Exp $ d81 3 a83 3 FreeBSD 5.0-CURRENT development branch. This work is fairly mature, and will be appropriate for production use following FreeBSD 5.0-RELEASE in 2002Q3.

d101 1 a101 1 We hope to remedy this problem in 2003Q1.

@ 1.12 log @Remove clause 3 from NETA license, per approval of NETA. Assert my copyright for the web page text created 2000-2001. Assert Leigh Denault's copyright for 2001 for the page layout. @ text @d8 4 a11 4 Costello at Safeport Network Services and NAI Labs, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS research program. d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.11 2002/11/22 22:53:02 chris Exp $ d116 6 a121 6 the development of UFS2 as part of the DARPA-funded NAI Labs CBOSS Project. UFS2 will provide improved performance and reliability for EA-backed services, including ACLs, Capabilities, and MAC. This work is fairly mature, and will be appropriate for production use following FreeBSD 5.0-RELEASE.

d175 12 a186 12 DARPA-funded NAI Labs CBOSS Project is porting the NSA FLASK/SELinux implementation (SEBSD) to run as an extension model over the TrustedBSD MAC Framework. This work is primarily occuring in a TrustedBSD Perforce branch, but much of the framework has been merged to the main FreeBSD development tree for inclusion in FreeBSD 5.0-RELEASE. The implementation present in 5.0-RELEASE will be appropriate for experimental or limited production use; both internal and exposed MAC APIs will not be frozen until 5.2-RELEASE. Most current features of the MAC Framework, with the exception of SEBSD, have been merged to the main FreeBSD tree at this point.

@ 1.11 log @"UFS2 will provided ..." -> "... will provide" @ text @d2 2 a20 3 3. The names of the authors may not be used to endorse or promote products derived from this software without specific prior written permission. d40 1 a40 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.10 2002/11/11 04:56:10 rwatson Exp $ @ 1.10 log @Consistently sort collection label information and the component description. @ text @d41 1 a41 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.9 2002/11/05 17:09:22 rwatson Exp $ d118 1 a118 1 CBOSS Project. UFS2 will provided improved performance @ 1.9 log @Status updates of various TrustedBSD project components. @ text @d41 1 a41 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.8 2002/07/03 00:56:57 rwatson Exp $ d91 6 a103 5

Collection: p4-cvs-trustedbsd-audit

@ 1.8 log @Spell June as July for beginning the MAC integration: we held off for KSE integration to take place, and in a week or two once that's stabilized, we'll start integrating. @ text @d41 1 a41 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.7 2002/07/01 04:08:38 chris Exp $ d53 4 a56 4 available for download is extremely experimental, and not intended for use by those who are not experienced kernel programmers. Comments on code, as well as on new features and bug fixes, are welcome.

d64 4 a67 1 the various development branches.

d78 7 a84 3 Currently, ACLs are backed to extended attributes on ffs file systems. All ACL development now takes place in the standard FreeBSD 5.0-CURRENT development branch.

d90 8 a97 1
d119 3 a121 1 Capabilities, and MAC.

d142 3 a144 1 for the main tree has not yet been developed.

d176 11 a186 5 FLASK/SELinux implementation to run as an extension model over the TrustedBSD MAC Framework. This work is currently taking place in a Perforce branch, but the MAC framework will be merged into the main FreeBSD development tree during July of 2002.

@ 1.7 log @o Add in and link to a sample supfile. o Be sure to only install ${DATA} and ${IMGS} if they're set. Sponsored by: DARPA, NAI Labs @ text @d41 1 a41 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.6 2002/06/23 01:51:24 chris Exp $ d162 1 a162 1 June of 2002.

@ 1.6 log @o Remove sidebar entry for Developers; the information is duplicated at the top of developers.page and that's the best place for it. o Add anchors for the sidebar links to components.page o Add a link to the "Event Auditing" information to the Components section of the sidebar. Sponsored by: DARPA, NAI Labs @ text @d41 1 a41 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.5 2002/05/22 11:30:08 rwatson Exp $ d61 4 a64 3 server cvsup10.FreeBSD.org. See the list below for information on the collection names associated with the various development branches.

@ 1.5 log @Note that UFS2 will improve EA performance and reliability, benefiting ACLs, Capabilities, and MAC. Also that Adam Migus is working on MAC as well as application adaptation. @ text @d41 1 a41 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.4 2002/05/22 11:23:06 rwatson Exp $ d68 1 d79 1 d90 1 d107 1 d128 1 @ 1.4 log @Wording and content improvements. Five branches instead of six. Capabilities are currently in the Cap tree not the main tree, and we don't have material integration plans. Extended description of the MAC work. Mention UFS2 in the EA section. @ text @d41 1 a41 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.3 2002/05/16 01:27:02 rwatson Exp $ d99 3 a101 1 CBOSS Project.

@ 1.3 log @Include collection name for the Capabilities implementation. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs @ text @d41 1 a41 1 $FreeBSD: projects/trustedbsd/www/components.page,v 1.2 2002/05/02 22:23:43 chris Exp $ d65 1 a65 1

There are six main branches of TrustedBSD development:

d97 3 a99 1 5.0-CURRENT development branch.

d118 2 a119 3 capabilities are fully implemented Capability development now takes place in the standard FreeBSD 5.0-CURRENT development branch.

d135 20 a154 5 the system. Currently the TrustedBSD MAC implementation provides support for four MAC models: the MLS (Multi-Level Security) confidentiality policy, the Biba integrity policy, and the Type Enforcement policy.
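
Review bot: the count in the lines added at a154 does not match the list that follows it. The text says "support for four MAC models" but names three (MLS, Biba, and Type Enforcement); either name the fourth model or change the count to three.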

@ 1.2 log @o Mark up CVS metadata using the `' namespace used in the FreeBSD Web site. o Include the CVS ID tag in HTML output. Sponsored by: DARPA, NAI Labs @ text @d41 1 a41 1 $FreeBSD$ d102 7 a108 1
@ 1.1 log @Welcome the TrustedBSD Web site code. This is being kept here because it is the best place for FreeBSD Doc. Project people to have access to it, and because it can be easily mirrored. It fulfills the requirement that it is directly related to FreeBSD. Sponsored by: DARPA, NAI Labs Obtained from: TrustedBSD Project @ text @a33 2 $FreeBSD$ d38 6 @