mac_biba.4 (107626) | mac_biba.4 (107717) |
---|---|
1.\" Copyright (c) 2002 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris 5.\" Costello at Safeport Network Services and NAI Labs, the Security 6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR 7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 8.\" research program. --- 14 unchanged lines hidden (view full) --- 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" | 1.\" Copyright (c) 2002 Networks Associates Technology, Inc. 2.\" All rights reserved. 3.\" 4.\" This software was developed for the FreeBSD Project by Chris 5.\" Costello at Safeport Network Services and NAI Labs, the Security 6.\" Research Division of Network Associates, Inc. under DARPA/SPAWAR 7.\" contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS 8.\" research program. --- 14 unchanged lines hidden (view full) --- 23.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 24.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 25.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 26.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 27.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 28.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 29.\" SUCH DAMAGE. 30.\" |
31.\" $FreeBSD: head/share/man/man4/mac_biba.4 107626 2002-12-05 00:05:38Z chris $ | 31.\" $FreeBSD: head/share/man/man4/mac_biba.4 107717 2002-12-10 00:39:17Z chris $ |
32.Dd NOVEMBER 18, 2002 33.Os 34.Dt MAC_BIBA 4 35.Sh NAME 36.Nm mac_biba 37.Nd Biba data integrity policy 38.Sh SYNOPSIS | 32.Dd NOVEMBER 18, 2002 33.Os 34.Dt MAC_BIBA 4 35.Sh NAME 36.Nm mac_biba 37.Nd Biba data integrity policy 38.Sh SYNOPSIS |
39To compile Biba into your kernel, place the following lines in your kernel 40configuration file: |
|
39.Cd "options MAC" | 41.Cd "options MAC" |
40.Li "kldload mac_biba" | 42.Cd "options MAC_BIBA" 43.Pp 44Alternately, to load the Biba module at boot time, place the following line 45in your kernel configuration file: 46.Cd "options MAC" 47.Pp 48and in 49.Xr loader.conf 5 : 50.Cd mac_biba_load= Ns \&"YES" |
41.Sh DESCRIPTION 42The 43.Nm 44policy module implements the Biba integrity model, 45which protects the integrity of system objects and subjects by means of 46a strict information flow policy. 47In Biba, all system subjects and objects are assigned integrity labels, made 48up of hierarchal grades, and non-hierarchal components. --- 111 unchanged lines hidden (view full) --- 160.Xr mac_mls 4 , 161with the exception that the dominance operator and access rules are reversed, 162preventing the downward flow of information rather than the upward flow of 163information. 164Multi-Level Security (MLS) protects the confentiality, rather than the 165integrity, of subjects and objects. 166.Sh SEE ALSO 167.Xr LOMAC 4 , | 51.Sh DESCRIPTION 52The 53.Nm 54policy module implements the Biba integrity model, 55which protects the integrity of system objects and subjects by means of 56a strict information flow policy. 57In Biba, all system subjects and objects are assigned integrity labels, made 58up of hierarchal grades, and non-hierarchal components. --- 111 unchanged lines hidden (view full) --- 170.Xr mac_mls 4 , 171with the exception that the dominance operator and access rules are reversed, 172preventing the downward flow of information rather than the upward flow of 173information. 174Multi-Level Security (MLS) protects the confentiality, rather than the 175integrity, of subjects and objects. 176.Sh SEE ALSO 177.Xr LOMAC 4 , |
178.Xr mac_bsdextended 4 , |
|
168.Xr mac_mls 4 , | 179.Xr mac_mls 4 , |
180.Xr mac_none 4 , 181.Xr mac_seeotheruids 4 , 182.Xr mac_test 4 , |
|
169.Xr mac 9 170.Sh HISTORY 171The 172.Nm 173policy module first appeared in 174.Fx 5.0 175and was developed by the TrustedBSD Project. 176.Sh AUTHORS 177This software was contributed to the 178.Fx 179Project by Network Associates Labs, 180the Security Research Division of Network Associates 181Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 182as part of the DARPA CHATS research program. | 183.Xr mac 9 184.Sh HISTORY 185The 186.Nm 187policy module first appeared in 188.Fx 5.0 189and was developed by the TrustedBSD Project. 190.Sh AUTHORS 191This software was contributed to the 192.Fx 193Project by Network Associates Labs, 194the Security Research Division of Network Associates 195Inc. under DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), 196as part of the DARPA CHATS research program. |