head	1.17;
access;
symbols;
locks; strict;
comment	@# @;


1.17
date	2006.02.13.14.26.31;	author rwatson;	state dead;
branches;
next	1.16;

1.16
date	2005.01.21.18.39.28;	author rwatson;	state Exp;
branches;
next	1.15;

1.15
date	2005.01.18.15.21.44;	author trhodes;	state Exp;
branches;
next	1.14;

1.14
date	2003.11.06.21.37.41;	author rwatson;	state Exp;
branches;
next	1.13;

1.13
date	2003.08.01.17.19.56;	author chris;	state Exp;
branches;
next	1.12;

1.12
date	2003.08.01.16.32.27;	author rwatson;	state Exp;
branches;
next	1.11;

1.11
date	2003.04.20.16.05.30;	author rwatson;	state Exp;
branches;
next	1.10;

1.10
date	2003.04.20.16.03.14;	author rwatson;	state Exp;
branches;
next	1.9;

1.9
date	2003.02.26.17.12.33;	author rwatson;	state Exp;
branches;
next	1.8;

1.8
date	2002.12.23.22.34.04;	author rwatson;	state Exp;
branches;
next	1.7;

1.7
date	2002.12.22.04.00.26;	author rwatson;	state Exp;
branches;
next	1.6;

1.6
date	2002.12.19.07.20.45;	author chris;	state Exp;
branches;
next	1.5;

1.5
date	2002.11.30.14.35.24;	author rwatson;	state Exp;
branches;
next	1.4;

1.4
date	2002.07.08.21.18.10;	author rwatson;	state Exp;
branches;
next	1.3;

1.3
date	2002.07.08.13.36.05;	author chris;	state Exp;
branches;
next	1.2;

1.2
date	2002.05.02.22.23.43;	author chris;	state Exp;
branches;
next	1.1;

1.1
date	2002.05.02.00.31.14;	author chris;	state Exp;
branches;
next	;


desc
@@


1.17
log
@Remove TrustedBSD web page from CVS -- it's now being maintained in P4 so
that non-committers can help maintain it.  The new path is:

    //depot/projects/trustedbsd/www/...
@
text
@<!--
     Copyright (c) 2002, 2003 Networks Associates Technology, Inc.
     All rights reserved.

     This software was developed for the FreeBSD Project by Chris
     Costello at Safeport Network Services and Network Associates
     Laboratories, the Security Research Division of Network Associates,
     Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part
     of the DARPA CHATS research program.
 
     Redistribution and use in source and binary forms, with or without
     modification, are permitted provided that the following conditions
     are met:
     1. Redistributions of source code must retain the above copyright
        notice, this list of conditions and the following disclaimer.
     2. Redistributions in binary form must reproduce the above copyright
        notice, this list of conditions and the following disclaimer in the
        documentation and/or other materials provided with the distribution.
 
     THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
     ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
     FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     SUCH DAMAGE.
-->

<bibliography>
  <title>Implementation Papers</title>

  <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
    <cvs:keyword name="freebsd">
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.16 2005/01/21 18:39:28 rwatson Exp $
    </cvs:keyword>
  </cvs:keywords>

  <entry role="paper" date="20030709">
    <title>Security-Enhanced BSD</title>
    <author>
      <name>Chris Vance</name>

      <affil>Network Associates Laboratories</affil>
    </author>

    <author>
      <name>Robert Watson</name>

      <affil>Network Associates Laboratories</affil>
    </author>

    <audience>
      <venue>Network Associates Laboratories Technical Report</venue>

      <city>Rockville</city> <state>MD</state>

      <date>July 9, 2003</date>
    </audience>

    <download>
      <file url="sebsd-july2003.pdf" format="PDF" />
    </download>

    <abstract>Network Associates Laboratories has completed an initial
      port of the Flask security architecture and other components of
      Security Enhanced Linux (SELinux) to the FreeBSD operating system.
      This project, called Security Enhanced BSD (SEBSD), started with
      the TrustedBSD MAC Framework and integrated the Flask access
      vector cache and security server to make policy decisions.  Then,
      support was added to the kernel to manage security fields and
      enforce permissions on files and processes.  To demonstrate the
      resulting kernel functionality, a policy compiler and file system
      label management tools were ported.  Also, modifications to login,
      ls, and the ps program were integrated into the corresponding
      FreeBSD programs.  This paper discusses the TrustedBSD MAC Framework,
      label management, access control checks, and differences between
      SEBSD and SELinux.</abstract>
  </entry>

  <entry role="paper" date="20000908">
    <title>Introducing Supporting Infrastructure for Trusted Operating
      System Support in FreeBSD</title>

    <author>
      <name>Robert Watson</name>

      <affil>FreeBSD Project</affil>
    </author>

    <audience>
      <venue>BSDCon 2000</venue>

      <city>Monterey</city> <state>CA</state>

      <date>September 8, 2000</date>
    </audience>

    <download>
      <file url="trustedbsd-bsdcon-2000.ps.gz" format="PostScript" />
    </download>

    <abstract>Trusted operating systems provide a number of features
      beyond the standard discretionary access control policies of
      commercial, off-the-shelf operating systems. These include features
      such as fine-grained event auditing, least-privilege design,
      mandatory access control policies, and extensive design
      documentation. The TrustedBSD project is adding trusted operating
      system features to FreeBSD, an open source UNIX-like operating
      system under a liberal license. However, TrustedBSD requires
      extensive changes to the access control mechanisms in FreeBSD. At
      this point in the project, we have implemented file system extended
      attributes for storing security labels on files, revamped internal
      handling of privilege in the operating systems, and are working on
      an improved generalized access control system.</abstract>
  </entry>

  <entry role="paper" date="20010728">
    <title>TrustedBSD: Adding Trusted Operating System Features to
      FreeBSD</title>

    <author>
      <name>Robert Watson</name>

      <affil>Network Associates Laboratories / FreeBSD Project</affil>
    </author>

    <audience>
      <venue>USENIX Technical Conference</venue>

      <city>Boston</city> <state>MA</state>

      <date>June 28, 2001</date>
    </audience>

    <download>
      <file url="trustedbsd-freenix-2001.ps.gz" format="PostScript" />
    </download>

    <abstract>Trusted operating systems provide a ``next level'' of system
      security, offering both new security features and higher
      assurance that they are properly implemented. TrustedBSD
      is an on-going project to integrate a number of trusted OS
      features into the open source FreeBSD operating system,
      and involves both architectural and development process
      improvements. This paper describes how the open source
      development practices of the FreeBSD Project impacted the
      design and implementation choices for these features,
      and describes lessons learned that will influence future
      work. Several key TrustedBSD features are discussed as
      examples of how new security services may be introduced in
      such an environment.</abstract>
  </entry>

  <entry role="paper" date="20030600">
    <title>The TrustedBSD MAC Framework: Extensible Kernel Access Control
      for FreeBSD 5.0</title>

    <author>
      <name>Robert Watson</name>
      <affil>Network Associates Laboratories / FreeBSD Project</affil>
    </author>

    <author>
      <name>Wayne Morrison</name>
      <affil>Network Associates Laboratories</affil>
    </author>

    <author>
      <name>Chris Vance</name>
      <affil>Network Associates Laboratories</affil>
    </author>

    <author>
      <name>Brian Feldman</name>
      <affil>FreeBSD Project</affil>
    </author>

    <audience>
      <venue>USENIX Annual Technical Conference</venue>
      <city>San Antonio</city> <state>TX</state>
      <date>June, 2003</date>
    </audience>

    <download>
      <file url="trustedbsd-usenix2003freenix.pdf.gz" format="PDF" />
      <file url="trustedbsd-usenix2003freenix.ps.gz" format="PostScript" />
    </download>

    <abstract>We explore the requirements, design, and
      implementation of the TrustedBSD MAC Framework.
      The TrustedBSD MAC Framework, integrated into FreeBSD 5.0,
      provides a flexible framework for kernel access control
      extension, permitting extensions to be introduced
      more easily, and avoiding the need for direct modification of
      distributed kernel sources.
      We also consider the performance impact of the Framework on the
      FreeBSD 5.0 kernel in several test environments.</abstract>
  </entry>

  <entry role="doc">
    <title>FreeBSD Handbook: File System Access Control Lists</title>

    <author>
      <name>Tom Rhodes</name>

      <affil>FreeBSD Project</affil>
    </author>

    <download>
      <file url="http://www.FreeBSD.org/doc/en_US.ISO8859-1/books/handbook/fs-acl.html" format="HTML" />
    </download>

    <abstract>Brief introduction to configuring and using TrustedBSD
      access control lists on FreeBSD 5.X.</abstract>
  </entry>

  <entry role="doc">
    <title>FreeBSD Handbook: Mandatory Access Control (MAC)</title>

    <author>
      <name>Tom Rhodes</name>

      <affil>FreeBSD Project</affil>
    </author>

    <download>
      <file url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mac.html" format="HTML" />
    </download>

    <abstract>Introduction to configuring and using the TrustedBSD
      Mandatory Access Control (MAC) Framework, as well as a list of
      currently shipped MAC policy modules and implementation
      examples.</abstract>
  </entry>

  <entry role="doc">
    <title>FreeBSD Developer's Handbook: The TrustedBSD MAC Framework</title>

    <author>
      <name>Robert Watson</name>

      <affil>Network Associates Laboratories / FreeBSD Project</affil>
    </author>

    <author>
      <name>Chris Costello</name>

      <affil>Safeport Network Services / FreeBSD Project</affil>
    </author>

    <download>
      <file url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/arch-handbook/mac.html" format="HTML" />
    </download>

    <abstract>Work in progress.
      Developer's introduction to the TrustedBSD MAC Framework,
      targetted at writers of new MAC policy modules.</abstract>
  </entry>

  <entry role="paper" date="20030400">
    <title>Design and Implementation of the TrustedBSD MAC Framework</title>

    <author>
      <name>Robert Watson</name>
      <affil>Network Associates Laboratories / FreeBSD Project</affil>
    </author>

    <author>
      <name>Brian Feldman</name>
      <affil>Network Associates Laboratories / FreeBSD Project</affil>
    </author>

    <author>
      <name>Adam Migus</name>
      <affil>Network Associates Laboratories</affil>
    </author>

    <author>
      <name>Chris Vance</name>
      <affil>Network Associates Laboratories</affil>
    </author>

    <audience>
      <venue>Third DARPA Information Survivability Conference and Exhibition
	(DISCEX3); proceedings published by IEEE.</venue>
      <city>Washington</city> <state>DC</state>
      <date>April, 2003</date>
    </audience>

    <download>
      <file url="trustedbsd-discex3.pdf" format="PDF" />
      <file url="trustedbsd-discex3.ps" format="PostScript" />
    </download>

    <abstract>Developing access control extensions for operating systems
      is an expensive and time-consuming task.  Mechanisms available for
      access control extension lag behind industry standard extension
      solutions for file systems, process schedulers, and device drivers,
      and suffer from a number of serious flaws in modern multi-processor,
      multi-threaded kernels.  In this paper, we explore the limitations
      of current technologies for security extension.  We describe 
      the TrustedBSD MAC Framework, a flexible and modular environment
      for operating system access control extensions on the open source
      FreeBSD platform.  The TrustedBSD MAC Framework permits extensions
      to be introduced at compile-time, boot-time, or at run-time, and
      provides a number of services to support dynamically introduced
      policies, including policy-agnostic object labeling services and
      application interfaces.  We discuss the design and implementation of
      the framework, as well as the an implementation of a fixed-label
      Biba integrity policy based on the framework.</abstract>
  </entry>

</bibliography>
@


1.16
log
@Update URL for the Architecture Handbook's MAC Framework policy
module chapter.  Apparently it's been broken for a while.
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.15 2005/01/18 15:21:44 trhodes Exp $
@


1.15
log
@Update the available documentation list.
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.14 2003/11/06 21:37:41 rwatson Exp $
d256 1
a256 1
      <file url="http://www.freebsd.org/doc/en_US.ISO8859-1/books/developers-handbook/mac.html" format="HTML" />
@


1.14
log
@Add "Security Enhanced BSD" technical report from Network Associates
Laboratories.  This report describes work through early July to port
the SELinux FLASK and TE implementation to FreeBSD using the TrustedBSD
MAC Framework.  Release approval from the sponsor took a while, which
is why it has only just gone up now.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.13 2003/08/01 17:19:56 chris Exp $
d209 2
d218 1
a218 1
      access control lists on FreeBSD 5.0.</abstract>
d225 1
a225 1
      <name>Robert Watson</name>
d227 1
a227 1
      <affil>Network Associates Laboratories / FreeBSD Project</affil>
d234 1
a234 1
    <abstract>Brief introduction to configuring and using the TrustedBSD
d236 2
a237 1
      currently shipped MAC policy modules.</abstract>
@


1.13
log
@o Explicitly set GLOBAL_XML to sidebar.xml
o Split documentation up between Implementation Papers and Documentation.
o Update sidebar.xml to reflect the new sections.
o Sort implementation papers by date; make sure, then, that new entries
  include a role= and date= attribute.
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.12 2003/08/01 16:32:27 rwatson Exp $
d41 42
@


1.12
log
@Add the DISCEX3 TrustedBSD paper to the docs page.
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.11 2003/04/20 16:05:30 rwatson Exp $
d42 1
a42 1
  <entry>
d79 1
a79 1
  <entry>
d116 1
a116 1
  <entry>
d162 1
a162 1
  <entry>
d177 1
a177 1
  <entry>
d195 1
a195 1
  <entry>
d219 1
a219 1
  <entry>
@


1.11
log
@Improve spelling of two filenames (accidental addition of a "-" in
href).
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.10 2003/04/20 16:03:14 rwatson Exp $
d218 54
@


1.10
log
@Add USENIX 2003/FREENIX TrustedBSD paper.
Update copyright.
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.9 2003/02/26 17:12:33 rwatson Exp $
d147 2
a148 2
      <file url="trustedbsd-usenix2003-freenix.pdf.gz" format="PDF" />
      <file url="trustedbsd-usenix2003-freenix.ps.gz" format="PostScript" />
@


1.9
log
@Spelling fix for handbook chapter name.
@
text
@d2 1
a2 1
     Copyright (c) 2002 Networks Associates Technology, Inc.
d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.8 2002/12/23 22:34:04 rwatson Exp $
d114 46
@


1.8
log
@Generally spell NAI Labs as Network Associates Laboratories for
consistency; remove third clause of license per NETA permission.
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.7 2002/12/22 04:00:26 rwatson Exp $
d132 1
a132 1
    <title>FreeBSD Handbook: Mandatory Access Cotnrol (MAC)</title>
@


1.7
log
@Hook up the URL for the TrustedBSD MAC Framework developer's handbook
chapter, apparently was missed during the last commit.
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.6 2002/12/19 07:20:45 chris Exp $
d86 1
a86 1
      <affil>NAI Labs / FreeBSD Project</affil>
@


1.6
log
@Add a few new documents to the Docs listing.

This made obvious the need for a more robust stylesheet (done).

Sponsored by:	DARPA, Network Associates Laboratories
Submitted by:	rwatson (new docs list entries)
@
text
@d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.5 2002/11/30 14:35:24 rwatson Exp $
d163 4
@


1.5
log
@Remove clause 3 from NETA license, per approval of NETA.

Assert my copyright for the web page text created 2000-2001.  Assert
Leigh Denault's copyright for 2001 for the page layout.
@
text
@d4 1
a4 1
     
d6 5
a10 5
     Costello at Safeport Network Services and NAI Labs, the Security
     Research Division of Network Associates, Inc. under DARPA/SPAWAR
     contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
     research program.
     
d19 1
a19 1
     
d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.4 2002/07/08 21:18:10 rwatson Exp $
d114 53
@


1.4
log
@Fix document path.
@
text
@a18 3
     3. The names of the authors may not be used to endorse or promote
        products derived from this software without specific prior written
        permission.
d38 1
a38 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.3 2002/07/08 13:36:05 chris Exp $
@


1.3
log
@Write stylesheet hooks for downloading copies of papers.
Link in the BSDCon 2000 and FREENIX 2001 papers to the Docs listing.

Sponsored by:	DARPA, NAI Labs
@
text
@d41 1
a41 1
      $FreeBSD: projects/trustedbsd/www/docs.bib,v 1.2 2002/05/02 22:23:43 chris Exp $
d64 1
a64 1
      <file url="docs/trustedbsd-bsdcon-2000.ps.gz" format="PostScript" />
@


1.2
log
@o Mark up CVS metadata using the `<cvs:>' namespace used in the FreeBSD
  Web site.
o Include the CVS ID tag in HTML output.

Sponsored by:	DARPA, NAI Labs
@
text
@d41 1
a41 1
      $FreeBSD$
d63 4
d99 4
@


1.1
log
@Welcome the TrustedBSD Web site code.  This is being kept here because
it is the best place for FreeBSD Doc. Project people to have access to
it, and because it can be easily mirrored.  It fulfills the requirement
that it is directly related to FreeBSD.

Sponsored by:	DARPA, NAI Labs
Obtained from:	TrustedBSD Project
@
text
@a33 2
     
     $FreeBSD$
d38 6
@