mac-biba.html

FreeBSD操作系统的详细使用手册

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content="HTML Tidy, see www.w3.org" />
<title>The MAC Biba Module</title>
<meta name="GENERATOR" content="Modular DocBook HTML Stylesheet Version 1.7" />
<link rel="HOME" title="FreeBSD Handbook" href="index.html" />
<link rel="UP" title="Mandatory Access Control" href="mac.html" />
<link rel="PREVIOUS" title="The MAC Multi-Level Security Module" href="mac-mls.html" />
<link rel="NEXT" title="The MAC LOMAC Module" href="mac-lomac.html" />
<link rel="STYLESHEET" type="text/css" href="docbook.css" />
</head>
<body class="SECT1" bgcolor="#FFFFFF" text="#000000" link="#0000FF" vlink="#840084"
alink="#0000FF">
<div class="NAVHEADER">
<table summary="Header navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<th colspan="3" align="center">FreeBSD Handbook</th>
</tr>

<tr>
<td width="10%" align="left" valign="bottom"><a href="mac-mls.html"
accesskey="P">Prev</a></td>
<td width="80%" align="center" valign="bottom">Chapter 15 Mandatory Access Control</td>
<td width="10%" align="right" valign="bottom"><a href="mac-lomac.html"
accesskey="N">Next</a></td>
</tr>
</table>

<hr align="LEFT" width="100%" />
</div>

<div class="SECT1">
<h1 class="SECT1"><a id="MAC-BIBA" name="MAC-BIBA">15.12 The MAC Biba Module</a></h1>

<p>Module name: <tt class="FILENAME">mac_biba.ko</tt></p>

<p>Kernel configuration line: <var class="LITERAL">options MAC_BIBA</var></p>

<p>Boot option: <var class="LITERAL">mac_biba_load="YES"</var></p>

<p>The <a href="http://www.FreeBSD.org/cgi/man.cgi?query=mac_biba&sektion=4"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">mac_biba</span>(4)</span></a> module
loads the <acronym class="ACRONYM">MAC</acronym> Biba policy. This policy works much like
that of the <acronym class="ACRONYM">MLS</acronym> policy with the exception that the
rules for information flow are slightly reversed. This is said to prevent the downward
flow of sensitive information whereas the <acronym class="ACRONYM">MLS</acronym> policy
prevents the upward flow of sensitive information; thus, much of this section can apply
to both policies.</p>

<p>In Biba environments, an ``integrity'' label is set on each subject or object. These
labels are made up of hierarchal grades, and non-hierarchal components. As an object's or
subject's grade ascends, so does its integrity.</p>

<p>Supported labels are <var class="LITERAL">biba/low</var>, <var
class="LITERAL">biba/equal</var>, and <var class="LITERAL">biba/high</var>; as explained
below:</p>

<ul>
<li>
<p>The <var class="LITERAL">biba/low</var> label is considered the lowest integrity an
object or subject may have. Setting this on objects or subjects will block their write
access to objects or subjects marked high. They still have read access though.</p>
</li>

<li>
<p>The <var class="LITERAL">biba/equal</var> label should only be placed on objects
considered to be exempt from the policy.</p>
</li>

<li>
<p>The <var class="LITERAL">biba/high</var> label will permit writing to objects set at a
lower label but not permit reading that object. It is recommended that this label be
placed on objects that affect the integrity of the entire system.</p>
</li>
</ul>

<p>Biba provides for:</p>

<ul>
<li>
<p>Hierarchical integrity level with a set of non hierarchical integrity categories;</p>
</li>

<li>
<p>Fixed rules: no write up, no read down (opposite of <acronym
class="ACRONYM">MLS</acronym>). A subject can have write access to objects on its own
level or below, but not above. Similarly, a subject can have read access to objects on
its own level or above, but not below;</p>
</li>

<li>
<p>Integrity (preventing inappropriate modification of data);</p>
</li>

<li>
<p>Integrity levels (instead of MLS sensitivity levels).</p>
</li>
</ul>

<p>The following <tt class="COMMAND">sysctl</tt> tunables can be used to manipulate the
Biba policy.</p>

<ul>
<li>
<p><var class="LITERAL">security.mac.biba.enabled</var> may be used to enable/disable
enforcement of the Biba policy on the target machine.</p>
</li>

<li>
<p><var class="LITERAL">security.mac.biba.ptys_equal</var> may be used to disable the
Biba policy on <a href="http://www.FreeBSD.org/cgi/man.cgi?query=pty&sektion=4"><span
class="CITEREFENTRY"><span class="REFENTRYTITLE">pty</span>(4)</span></a> devices.</p>
</li>

<li>
<p><var class="LITERAL">security.mac.biba.revocation_enabled</var> will force the
revocation of access to objects if the label is changed to dominate the subject.</p>
</li>
</ul>

<p>To access the Biba policy setting on system objects, use the <tt
class="COMMAND">setfmac</tt> and <tt class="COMMAND">getfmac</tt> commands:</p>

<pre class="SCREEN">
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">setfmac biba/low test</kbd>
<samp class="PROMPT">#</samp> <kbd class="USERINPUT">getfmac test</kbd>
test: biba/low
</pre>

<p>Observations: a lower integrity subject is unable to write to a higher integrity
subject; a higher integrity subject cannot observe or read a lower integrity object.</p>
</div>

<div class="NAVFOOTER">
<hr align="LEFT" width="100%" />
<table summary="Footer navigation table" width="100%" border="0" cellpadding="0"
cellspacing="0">
<tr>
<td width="33%" align="left" valign="top"><a href="mac-mls.html"
accesskey="P">Prev</a></td>
<td width="34%" align="center" valign="top"><a href="index.html"
accesskey="H">Home</a></td>
<td width="33%" align="right" valign="top"><a href="mac-lomac.html"
accesskey="N">Next</a></td>
</tr>

<tr>
<td width="33%" align="left" valign="top">The MAC Multi-Level Security Module</td>
<td width="34%" align="center" valign="top"><a href="mac.html" accesskey="U">Up</a></td>
<td width="33%" align="right" valign="top">The MAC LOMAC Module</td>
</tr>
</table>
</div>

<p align="center"><small>This, and other documents, can be downloaded from <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/">ftp://ftp.FreeBSD.org/pub/FreeBSD/doc/</a>.</small></p>

<p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.<br />
For questions about this documentation, e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</small></p>
</body>
</html>