• ACLs
• Audit
• BSMtrace
• Extended Attributes and UFS2
• Capabilities
• GEOM
• MAC
• OpenBSM
• OpenPAM
• SEBSD
• SEDarwin

The TrustedBSD project provides a set of trusted operating system extensions to the FreeBSD operating system, targeting the Common Criteria for Information Technology Security Evaluation (CC). This project is still under development, and much of the code is destined to make its way back into the base FreeBSD operating system. This Web site will provide access to documentation, code relating to features that are still under development, and code that has its fingers in too many places to justify integrating into the base operating system. Targeted features include:

• Extensible and audited authorization framework to support access control modules. This framework provides general-purpose labeling of kernel subjects/objects, centralized policy management, and access to a variety of run-time security events. This will allow the compile-time, boot-time, and run-time extension of the operating system security model based in both TrustedBSD access control modules, and third-party modules that employ the extension framework.
• Mandatory access control modules based on the framework supporting a variety of access control models, including fixed and floating label Biba integrity policies, the MLS confidentiality policy, Type Enforcement, and other customized policies designed for common FreeBSD deployment scenarios. In addition, the SELinux FLASK and Type Enforcement implementations will be provided via an SEBSD module, providing access to the higher level FLASK service abstraction, and mature TE implementation.
• Improvements in system privilege to reduce the level of risk associated with common system management functions.
• Access control lists for the file system and other kernel resources allowing fine-grained and manageable discretionary access control.
• Event auditing support, OpenBSM audit API and audit trail file format, and single-host modular IDS system to monitor security events and notify administrators in the event of irregularities.

The TrustedBSD Project is made possible through the generous sponsorship and support from a variety of organizations, including the Defence Advanced Research Projects Agency (DARPA), the National Security Agency (NSA), Network Associates Laboratories, Safeport Network Services, the University of Pennsylvania, Yahoo!, McAfee Research, SPARTA, Inc., Apple Computer, Inc., and others. Contributions to support the TrustedBSD Project are welcome; please consider making donations through the FreeBSD Foundation.