Use of mandatory access control mechanism in FreeBSD 5.0 and Source code Analysis (1)

This article mainly describes the new important security mechanism in the FreeBSD 5.0 operating system, that is, the use of mandatory access control mechanism (MAC) and source code analysis, including mandatory access control framework and multilevel security (MLS) strategy. This section describes some of the things that you should do with the MAC framework and the MLS strategy, and how to use them effectively.

Mandatory access control (acronym MAC) is an important way to implement operating system security, and now almost all secure operating systems use mandatory access control as one of their core security mechanisms. Mandatory access control is a fine-grained access control for various objects of the operating system, such as files, sockets, System FIFO, SCD, IPC, etc., that is, when a user or user program accesses an object of the system, the mandatory access control mechanism checks the security of such access. Unlike autonomous access control, mandatory access control restricts the behavior of users and user programs, thereby achieving a higher level of security.

Mandatory access control is a mechanism that checks the access of the user and the user program to the object, but what kind of access is secure? This requires the introduction of the concept of security policy. A security policy can be considered a set of checks that define a security token for each subject (user or user program) and the object to be accessed (such as files), and then determine whether the access is secure by the security tag of the subject and the object. A variety of security policies have been developed, among which MLS is used most. MLS is the meaning of multi-level security, it was first used in the military field. Its basic idea is to define a number of security levels, such as from low to high points common, confidential, top-secret and other security level, the requirements of high security level of information can not be leaked to the low security level of users, so that the main body of low security level can not read the high security level of the object, while the high security level of the subject can not write low security level of the object. Please refer to the relevant information for details.

Like Linux, the FreeBSD system is an open source operating system, and the FreeBSD structure is clear, security is good, so the use is also very wide. Starting with the 5.0RC2 version, the FreeBSD kernel began introducing the mandatory access control mechanism. It implements a flexible universal Mac framework in the kernel, which accesses almost all core objects in the FreeBSD kernel, and this framework is designed and streamlined, allowing us to easily develop and hook up various security policy modules to the system. In order to our own strategy for the system security control. In addition, the system also provides a number of policy modules including MLS Strategy module for our selection.

This article from the Use and source code analysis of the two aspects of the FreeBSD system in detail on the mandatory access control mechanism, mainly including the MAC framework and MLS strategy, I believe that this part of the content of interested friends have inspiration.

Use of the mandatory access control mechanism in 1:FREEBSD 5.0

FreeBSD 5.0 RC2 release, the kernel source code already contains the MAC framework and some MAC policy modules (such as MLS policy module, Mac_none policy module for development and experimentation, integrity module Mac_biba, etc.), But this version of the kernel does not formally support the Mac, so by default, the code that implements the MAC framework is not compiled in the kernel. In addition, we will take the MLS strategy as an example to show how to use the MAC framework to load the policy module. In order to make the MLS strategy really practical, we also need to configure the extended file properties of the system, and so on, we will make a certain introduction. Finally, we will describe how to manipulate the Mac tag of a file or process, such as through a console command and how to use the system call interface in a program.