Hacker News new | past | comments | ask | show | jobs | submit login

The TrustedBSD features are used by appliance vendors who base their product on FreeBSD. Applicances have very narrow profiles of acceptable use and thus it's actually sane to develop policies for them.



That's true. It goes back further than TrustedBSD: Secure Computing Corporation invented Type Enforcement, put it in a high assurance system (LOCK), put it into a BSD-OS for a firewall (Sidewinder firewall), and helped create Flask architecture for integration of type enforcement into vanilla OS's. Flask was ported to Linux in SELinux project. That got enough acceptance that TrustedBSD project was started to do same for FreeBSD. So, full circle back the the OS the tech was first fielded on.

LOCK System http://www.cyberdefenseagency.com/publications/LOCK-An_Histo...

Sidewinder firewall http://www.ittoday.info/AIMS/DSM/83-10-35.pdf

Flask project/architecture https://www.cs.utah.edu/flux/fluke/html/flask.html

Nonetheless, the old stuff (esp LOCK & LOCK/ix) are still stronger in security architecture and design despite all these years. Good design is timeless I guess. :)

Note: Cambridge's CHERI project and CheriBSD are the cutting-edge for FreeBSD security as they do capability-security from hardware up with FreeBSD already ported. Also supports Capsicum, Flask, and separation kernels if one wanted. True integration of each major branch of INFOSEC. :)

https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: