PERFORCE change 26746 for review

Chris Costello chris at
Wed Mar 12 06:16:24 GMT 2003

Change 26746 by chris at chris_holly on 2003/03/11 22:16:13

	Move to a much more correct outline (in conjunction with a rather
	lengthy discussion with Adam Migus) that we've now more or less
	committed to.  This move was based in (large) part on notes 
	developed by Tim Fraser and Robert Watson found deep in the
	CBOSS repository.
	This is much closer to being 'locked in', so there will be much more
	content development committed to the branch.
	Or, to put it in another way, we've figured out which way we're
	really going, and full steam ahead!

Affected files ...

.. //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/OUTLINE.TrustedBSD#5 edit

Differences ...

==== //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/OUTLINE.TrustedBSD#5 (text+ko) ====

@@ -1,46 +1,51 @@
-$P4: //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/OUTLINE.TrustedBSD#4 $
+$P4: //depot/projects/trustedbsd/doc/en_US.ISO8859-1/books/sec-arch/OUTLINE.TrustedBSD#5 $
-This document outlines the Security Architecture (WIP).  As time progresses
-and more of the document becomes written, each entry in the outline will
-be tagged with a maintainer/author and a short status note.
+This document outlines the Security Architecture (WIP).
 This outline is subject to change at any point.  At this point it is fairly
 incomplete as well.
-NOTE: "[UN]" designates a section currently without a title, usually because
-      it hasn't been written yet.
 The FreeBSD Security Architecture Handbook
-Abstract (chris) - Explains what exactly the book is about, why it was
-		   commissioned, etc.
+Abstract - Explains what exactly the book is about, why it was commissioned, etc.
-Preface (chris - Not complete)
+Preface (incomplete)
 	This Book's Audience
 	Organization of this Book
 I. Introduction
-	1. Security Defined
-	2. Security-Related Definitions
-		2.1. Security Policy
-		2.2. MAC
-		2.3. DAC
-II. Kernel Security ("Kernel Security Model?")
-	3. Kernel Security Policy[footnote 1]
-		3.1. Subjects and Objects
-		3.2. [UN] Regarding suser, the root user, etc.
-		3.3. [UN] DAC on files
-		3.4. [UN] MAC
-			3.4.[1-N]. mac_{biba,mls,etc.}
-III. Userland Security ("Userland Security Model?")
-	4. Userland Security Policy[footnote 2]
-	5. [UN] Mandatory Interaction with Kernel Security Mechanisms
-	6. [UN] Non-Mandatory Interaction with Kernel Security Mechanisms
-	7. Userland Security Services[footnote 3]
-[1] Kernel Security Policy; should MAC and non-MAC be broken into separate
-    chapters?
-[2] What constitutes the userland security policy in FreeBSD?  Should we
-    just give examples...?
-[3] PAM, SSH, crypto, etc.
+	Content for the introduction will be decided upon once Chris
+	Costello's current introductory write-ups have found new homes
+	in the other sections of the book.
+II. Kernel Security
+        1. Subjects and Objects - subject requesting accesses on objects
+        2. Credentials - attached to subjects and objects ...
+        3. Mandatory Access Control
+                a. Definition of MAC (contrast with DAC, DAC does not deserve
+                   its own section)
+                b. Labels (contrast to credentials?)
+        n. Classes of services/objects and access models therefor
+                a. Types of objects
+                b. Enforcement of security policy at different levels
+                   of abstraction
+                c. Implementation details for each class
+III. Userland Security
+        1. UNIX security model as defined by POSIX (rwatson) - focus on
+           notion of the "user", process tree that progresses from high
+           privilege (init) to lower privilege, and specific gateways back
+           to higher privilege (binaries granting new identity or rights,
+           IPC daemons mantaining these rights, ex. syslog, etc.),
+           discuss userland <--> {device,tty,session} <--> kernel
+        2. Mandatory Access Control
+		1. Labels - what they look like, how to set them, references
+		   to the manual
+                2. Types of Policies
+                        a. Information Flow - explain restrictions on the
+                           flow of information, contrast to DAC
+                        b. Confidentiality - compare to information flow,
+                           contrast to DAC
+        [3..n]. Userland-specific things.  Want to discuss PAM, libutil first,
+                then go into ftpd, ssh, fingerd, etc.  Almost (if not
+                completely?) as thorough as the kernel security services
+                enumeration.
+        [n+1..z]. Mixed kernel/user interfaces, like chroot and jail.
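Review bot: "mantaining" in the new III.1 entry ("IPC daemons mantaining these rights, ex. syslog, etc.") should be "maintaining". Two consistency points in the same region of the outline: II.3 numbers its sub-items a./b. while III.2 numbers its sub-items 1./2. under an already numbered parent, and the two III.2.1 "Labels" lines are tab-indented where the surrounding added lines use spaces, so the outline will render unevenly in a fixed-width view; pick one sub-numbering scheme and one indentation style for the whole file. Also, the removed footnote [3] listed "PAM, SSH, crypto, etc." as userland security services, but the replacement III.[3..n] enumerates PAM, libutil, ftpd, ssh and fingerd and does not mention crypto anywhere; if cryptographic services are still meant to be covered, name them there (or under II.n, "Classes of services/objects") so the item does not get lost in the reorganization.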
To Unsubscribe: send mail to majordomo at
with "unsubscribe trustedbsd-cvs" in the body of the message

More information about the trustedbsd-cvs mailing list