November 9, 2006
TrustedBSD Mandatory Access Control (MAC) Framework
Mandatory access controls extend discretionary access controls by allowing administrators to enforce additional security for all subjects (e.g. processes or sockets) and objects (e.g. sockets, file system objects, sysctl nodes) in the system. Development of those new access control models is facilitated by the development of a flexible kernel access control extension framework, the TrustedBSD MAC Framework. This permits new access control models to be introduced as kernel modules.