Diffstat (limited to 'static/freebsd/man4/mac_biba.4 3.html')
| -rw-r--r-- | static/freebsd/man4/mac_biba.4 3.html | 197 |
1 files changed, 197 insertions, 0 deletions
diff --git a/static/freebsd/man4/mac_biba.4 3.html b/static/freebsd/man4/mac_biba.4 3.html new file mode 100644 index 00000000..2c1611ce --- /dev/null +++ b/static/freebsd/man4/mac_biba.4 3.html 
@@ -0,0 +1,197 @@ +<table class="head"> + <tr> + <td class="head-ltitle">MAC_BIBA(4)</td> + <td class="head-vol">Device Drivers Manual</td> + <td class="head-rtitle">MAC_BIBA(4)</td> + </tr> +</table> +<div class="manual-text"> +<section class="Sh"> +<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1> +<p class="Pp"><code class="Nm">mac_biba</code> — <span class="Nd">Biba + data integrity policy</span></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1> +<p class="Pp">To compile Biba into your kernel, place the following lines in + your kernel configuration file:</p> +<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code> +<br/> +<code class="Cd">options MAC_BIBA</code></div> +<p class="Pp">Alternately, to load the Biba module at boot time, place the + following line in your kernel configuration file:</p> +<div class="Bd Pp Bd-indent"><code class="Cd">options MAC</code></div> +<p class="Pp">and in <a class="Xr">loader.conf(5)</a>:</p> +<div class="Bd Pp Bd-indent Li"> +<pre>mac_biba_load="YES"</pre> +</div> +</section> +<section class="Sh"> +<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1> +<p class="Pp">The <code class="Nm">mac_biba</code> policy module implements the + Biba integrity model, which protects the integrity of system objects and + subjects by means of a strict information flow policy. In Biba, all system + subjects and objects are assigned integrity labels, made up of hierarchal + grades, and non-hierarchal components. Together, these label elements permit + all labels to be placed in a partial order, with information flow + protections based on a dominance operator describing the order. The + hierarchal grade field is expressed as a value between 0 and 65535, with + higher values reflecting higher integrity. 
The non-hierarchal compartment + field is expressed as a set of up to 256 components, numbered from 0 to 255. + A complete label consists of both hierarchal and non-hierarchal + elements.</p> +<p class="Pp">Three special label values exist:</p> +<table class="Bl-column Bd-indent"> + <tr id="Label"> + <td><a class="permalink" href="#Label"><b class="Sy">Label</b></a></td> + <td><a class="permalink" href="#Comparison"><b class="Sy" id="Comparison">Comparison</b></a></td> + </tr> + <tr id="biba/low"> + <td><a class="permalink" href="#biba/low"><code class="Li">biba/low</code></a></td> + <td>lower than all other labels</td> + </tr> + <tr id="biba/equal"> + <td><a class="permalink" href="#biba/equal"><code class="Li">biba/equal</code></a></td> + <td>equal to all other labels</td> + </tr> + <tr id="biba/high"> + <td><a class="permalink" href="#biba/high"><code class="Li">biba/high</code></a></td> + <td>higher than all other labels</td> + </tr> +</table> +<p class="Pp">The “<code class="Li">biba/high</code>” label is + assigned to system objects which affect the integrity of the system as a + whole. The “<code class="Li">biba/equal</code>” label may be + used to indicate that a particular subject or object is exempt from the Biba + protections. 
These special label values are not specified as containing any + compartments, although in a label comparison, + “<code class="Li">biba/high</code>” appears to contain all + compartments, “<code class="Li">biba/equal</code>” the same + compartments as the other label to which it is being compared, and + “<code class="Li">biba/low</code>” none.</p> +<p class="Pp">In general, Biba access control takes the following model:</p> +<ul class="Bl-bullet"> + <li>A subject at the same integrity level as an object may both read from and + write to the object as though Biba protections were not in place.</li> + <li>A subject at a higher integrity level than an object may write to the + object, but not read the object.</li> + <li>A subject at a lower integrity level than an object may read the object, + but not write to the object.</li> + <li>If the subject and object labels may not be compared in the partial order, + all access is restricted.</li> +</ul> +<p class="Pp">These rules prevent subjects of lower integrity from influencing + the behavior of higher integrity subjects by preventing the flow of + information, and hence control, from allowing low integrity subjects to + modify either a high integrity object or high integrity subjects acting on + those objects. Biba integrity policies may be appropriate in a number of + environments, both from the perspective of preventing corruption of the + operating system, and corruption of user data if marked as higher integrity + than the attacker. In traditional trusted operating systems, the Biba + integrity model is used to protect the Trusted Code Base (TCB).</p> +<p class="Pp">The Biba integrity model is similar to + <a class="Xr">mac_lomac(4)</a>, with the exception that LOMAC permits access + by a higher integrity subject to a lower integrity object, but downgrades + the integrity level of the subject to prevent integrity rules from being + violated. 
Biba is a fixed label policy in that all subject and object label + changes are explicit, whereas LOMAC is a floating label policy.</p> +<p class="Pp">The Biba integrity model is also similar to + <a class="Xr">mac_mls(4)</a>, with the exception that the dominance operator + and access rules are reversed, preventing the downward flow of information + rather than the upward flow of information. Multi-Level Security (MLS) + protects the confidentiality, rather than the integrity, of subjects and + objects.</p> +<section class="Ss"> +<h2 class="Ss" id="Label_Format"><a class="permalink" href="#Label_Format">Label + Format</a></h2> +<p class="Pp">Almost all system objects are tagged with an effective, active + label element, reflecting the integrity of the object, or integrity of the + data contained in the object. In general, objects labels are represented in + the following form:</p> +<p class="Pp"></p> +<div class="Bd + Bd-indent"><code class="Li">biba/</code><var class="Ar">grade</var>:<var class="Ar">compartments</var></div> +<p class="Pp">For example:</p> +<div class="Bd Pp Bd-indent Li"> +<pre>biba/10:2+3+6 +biba/low</pre> +</div> +<p class="Pp">Subject labels consist of three label elements: an effective + (active) label, as well as a range of available labels. This range is + represented using two ordered Biba label elements, and when set on a + process, permits the process to change its active label to any label of + greater or equal integrity to the low end of the range, and lesser or equal + integrity to the high end of the range. 
In general, subject labels are + represented in the following form:</p> +<p class="Pp"></p> +<div class="Bd + Bd-indent"><code class="Li">biba/</code><var class="Ar">effectivegrade</var>:<var class="Ar">effectivecompartments</var>(<var class="Ar">lograde</var>:<var class="Ar">locompartments-</var></div> +<div class="Bd + Bd-indent"><var class="Ar">higrade</var>:<var class="Ar">hicompartments</var></div> +) +<p class="Pp">For example:</p> +<div class="Bd Pp Bd-indent Li"> +<pre>biba/10:2+3+6(5:2+3-20:2+3+4+5+6) +biba/high(low-high)</pre> +</div> +<p class="Pp">Valid ranged labels must meet the following requirement regarding + their elements:</p> +<p class="Pp"></p> +<div class="Bd Bd-indent"><var class="Ar">rangehigh</var> + <span class="No">≥</span> <var class="Ar">effective</var> + <span class="No">≥</span> <var class="Ar">rangelow</var></div> +<p class="Pp">One class of objects with ranges currently exists, the network + interface. In the case of the network interface, the effective label element + references the default label for packets received over the interface, and + the range represents the range of acceptable labels of packets to be + transmitted over the interface.</p> +</section> +<section class="Ss"> +<h2 class="Ss" id="Runtime_Configuration"><a class="permalink" href="#Runtime_Configuration">Runtime + Configuration</a></h2> +<p class="Pp">The following <a class="Xr">sysctl(8)</a> MIBs are available for + fine-tuning the enforcement of this MAC policy.</p> +<dl class="Bl-tag"> + <dt id="security.mac.biba.enabled"><var class="Va">security.mac.biba.enabled</var></dt> + <dd>Enables enforcement of the Biba integrity policy. (Default: 1).</dd> + <dt id="security.mac.biba.ptys_equal"><var class="Va">security.mac.biba.ptys_equal</var></dt> + <dd>Label <a class="Xr">pty(4)</a>s as + “<code class="Li">biba/equal</code>” upon creation. 
+ (Default: 0).</dd> + <dt id="security.mac.biba.revocation_enabled"><var class="Va">security.mac.biba.revocation_enabled</var></dt> + <dd>Revoke access to objects if the label is changed to dominate the subject. + (Default: 0).</dd> +</dl> +</section> +</section> +<section class="Sh"> +<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE + ALSO</a></h1> +<p class="Pp"><a class="Xr">mac(4)</a>, <a class="Xr">mac_bsdextended(4)</a>, + <a class="Xr">mac_ifoff(4)</a>, <a class="Xr">mac_lomac(4)</a>, + <a class="Xr">mac_mls(4)</a>, <a class="Xr">mac_none(4)</a>, + <a class="Xr">mac_partition(4)</a>, <a class="Xr">mac_portacl(4)</a>, + <a class="Xr">mac_seeotheruids(4)</a>, <a class="Xr">mac_test(4)</a>, + <a class="Xr">maclabel(7)</a>, <a class="Xr">mac(9)</a></p> +</section> +<section class="Sh"> +<h1 class="Sh" id="HISTORY"><a class="permalink" href="#HISTORY">HISTORY</a></h1> +<p class="Pp">The <code class="Nm">mac_biba</code> policy module first appeared + in <span class="Ux">FreeBSD 5.0</span> and was developed by the TrustedBSD + Project.</p> +</section> +<section class="Sh"> +<h1 class="Sh" id="AUTHORS"><a class="permalink" href="#AUTHORS">AUTHORS</a></h1> +<p class="Pp">This software was contributed to the + <span class="Ux">FreeBSD</span> Project by Network Associates Labs, the + Security Research Division of Network Associates Inc. under DARPA/SPAWAR + contract N66001-01-C-8035 (“CBOSS”), as part of the DARPA + CHATS research program.</p> +</section> +</div> +<table class="foot"> + <tr> + <td class="foot-date">November 18, 2002</td> + <td class="foot-os">FreeBSD 15.0</td> + </tr> +</table> |
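Review bot: the new path `static/freebsd/man4/mac_biba.4 3.html` contains a space and a trailing " 3", the naming pattern a browser or file manager gives a duplicate download, so this looks like an accidental second copy rather than the intended `static/freebsd/man4/mac_biba.4.html`; rename it before merging, since a space in a static asset path also has to be escaped in every link that references it. In the Label Format subsection the subject label form is split across two `<div class="Bd Bd-indent">` blocks, with the range's `-` embedded inside `<var class="Ar">locompartments-</var>` and the closing `)` left as a bare text node after the second div, so the reader sees two indented lines and a stray parenthesis on a third; emitting the whole `biba/effectivegrade:effectivecompartments(lograde:locompartments-higrade:hicompartments)` form in one block would match how the object label form and the examples beneath it are rendered. Also, every `<a class="Xr">` in the file (including the whole SEE ALSO list) has no `href`, so the cross-references render as plain text; either link them to the sibling pages under `static/freebsd/man4/` or drop the anchor tags.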
