The TrustedBSD MAC Framework: Extensible Kernel Access Control for FreeBSD 5.0

Robert N. M. Watson <rwatson@freebsd.org>

We explore the requirements, design, and implementation of the TrustedBSD MAC Framework. The TrustedBSD MAC Frame work, inte grated into FreeBSD 5.0, provides a flexible frame work for kernel access control extension, permitting extensions to be introduced more easily, and avoiding the need for direct modification of distributed kernel sources. We also consider the performance impact of the Framework on the FreeBSD 5.0 kernel in several test environments.