Module name: mac_biba.ko
Kernel configuration line: options MAC_BIBA
Boot option: mac_biba_load="YES"
The mac_biba(4) module loads the MAC Biba policy. This policy is similar to the MLS policy with the exception that the rules for information flow are slightly reversed. This is to prevent the downward flow of sensitive information whereas the MLS policy prevents the upward flow of sensitive information. Much of this section can apply to both policies.
In Biba environments, an “integrity” label is set on each subject or object. These labels are made up of hierarchical grades and non-hierarchical components. As a grade ascends, so does its integrity.
Supported labels are biba/low, biba/equal, and biba/high, as explained below:
The biba/low label is considered the lowest integrity an object or subject may have. Setting this on objects or subjects will block their write access to objects or subjects marked high. They still have read access though.
The biba/equal label should only be placed on objects considered to be exempt from the policy.
The biba/high label will permit writing to objects set at a lower label, but not permit reading that object. It is recommended that this label be placed on objects that affect the integrity of the entire system.
Biba provides:
Hierarchical integrity level with a set of non-hierarchical integrity categories.
Fixed rules are no write up, no read down, the opposite of MLS. A subject can have write access to objects on its own level or below, but not above. Similarly, a subject can have read access to objects on its own level or above, but not below.
Integrity by preventing inappropriate modification of data.
Integrity levels instead of MLS sensitivity levels.
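The label rules described above can be modelled in a few lines. The following Python sketch is an added example, not code from FreeBSD or the mac_biba(4) module. It is a simplified model: the function names are hypothetical, and the numeric biba/GRADE:CAT+CAT label form used for grades and categories is an assumption made for illustration.

```python
from dataclasses import dataclass

LOW, HIGH = float("-inf"), float("inf")  # grades for biba/low and biba/high

@dataclass(frozen=True)
class Label:
    grade: float = 0                 # hierarchical integrity grade
    cats: frozenset = frozenset()    # non-hierarchical categories
    equal: bool = False              # biba/equal: exempt from the policy

def parse(text):
    """Parse biba/low, biba/high, biba/equal or biba/GRADE[:CAT+CAT...]."""
    policy, _, element = text.partition("/")
    if policy != "biba" or not element:
        raise ValueError(f"not a Biba label: {text!r}")
    if element == "equal":
        return Label(equal=True)
    if element in ("low", "high"):
        return Label(LOW if element == "low" else HIGH)
    grade, _, cats = element.partition(":")
    return Label(int(grade), frozenset(int(c) for c in cats.split("+") if c))

def dominates(a, b):
    """True when label a is at or above label b."""
    if a.equal or b.equal:                   # exempt labels always pass
        return True
    if a.grade == HIGH or b.grade == LOW:    # top and bottom of the ordering
        return True
    return a.grade >= b.grade and a.cats >= b.cats

def may_read(subject, obj):
    """No read down: the object must be at the subject's level or above."""
    return dominates(parse(obj), parse(subject))

def may_write(subject, obj):
    """No write up: the subject must be at the object's level or above."""
    return dominates(parse(subject), parse(obj))

if __name__ == "__main__":
    # Constructed subject/object pairs for illustration.
    for subj, obj in [("biba/low", "biba/high"), ("biba/high", "biba/low"),
                      ("biba/10:2+3", "biba/10:2"), ("biba/10:2", "biba/10:3"),
                      ("biba/low", "biba/equal")]:
        print(f"{subj:12} -> {obj:10} read={may_read(subj, obj)} "
              f"write={may_write(subj, obj)}")
```

Labels whose categories are not subsets of one another, such as the fourth pair, are incomparable, so neither read nor write is permitted between them in this model.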
The following sysctl tunables can be used to manipulate the Biba policy:
security.mac.biba.enabled is used to enable or disable enforcement of the Biba policy on the target machine.
security.mac.biba.ptys_equal is used to disable the Biba policy on pty(4) devices.
security.mac.biba.revocation_enabled forces the revocation of access to objects if the label is changed to dominate the subject.
To access the Biba policy setting on system objects, use setfmac and getfmac:
# setfmac biba/low test
# getfmac test
test: biba/low
Integrity, which is different from sensitivity, guarantees that the information will never be manipulated by untrusted parties. This includes information passed between subjects, objects, and both. It ensures that users will only be able to modify or access information they explicitly need to.
The mac_biba(4) security policy module permits an administrator to address which files and programs a user may see and invoke while assuring that the programs and files are free from threats and trusted by the system for that user.
During the initial planning phase, an administrator must be prepared to partition users into grades, levels, and areas. Users will be blocked access not only to data but to programs and utilities both before and after they start. The system will default to a high label once this policy module is enabled, and it is up to the administrator to configure the different grades and levels for users. Instead of using clearance levels, a good planning method could include topics. For instance, only allow developers modification access to the source code repository, source code compiler, and other development utilities. Other users would be grouped into other categories such as testers, designers, or end users and would only be permitted read access.
A lower integrity subject is unable to write to a higher integrity subject and a higher integrity subject cannot observe or read a lower integrity object. Setting a label at the lowest possible grade could make it inaccessible to subjects. Some prospective environments for this security policy module would include a constrained web server, a development and test machine, and a source code repository. A less useful implementation would be a personal workstation, a machine used as a router, or a network firewall.