Robert Watson has posted a number of status updates relating to
various pieces of work going on in the TrustedBSD Project, and in
particular, relating to integration of recent changes into the FreeBSD
CVS tree for inclusion in the upcoming 6.0 release. This includes
information on verified execution, the MAC Framework, the SEBSD port
of NSA's FLASK/TE to FreeBSD, and the new security event audit
framework in FreeBSD 6.0.
Highlights include:

- Status of three TrustedBSD talks/WIPs at BSDCan 2005.
- Status of the verified execution/checksum module for binaries, shared
  libraries, and kernel modules.
- Information on recent work to merge coverage of POSIX semaphores and
  System V IPC into the MAC Framework in the base system. Also some
  other socket IPC-related cleanup.
- The addition of an extensive set of credential-related MAC Framework
  checks to permit modules such as mac_suidacl to run.
- The upcoming release of a new SEBSD ISO, which is the latest version
  of the port of NSA's FLASK/TE code, also in SELinux, to FreeBSD.
  FreeBSD 6.x will be even closer to being able to run SEBSD out of the
  box, but some dependencies still need to be merged.
- Large amounts of work are being done on the TrustedBSD Audit
  implementation, and the OpenBSM user libraries, documentation, and
  open source BSM audit tools are almost ready for their first release.
  OpenBSM is actually a portable cross-platform audit tool suite
  compatible with Sun's BSM audit API and audit trail format.

www.freebsd.org www.TrustedBSD.org