FreeBSD Mandatory Access Control Usage for Implementing Enterprise Security Policies

FreeBSD was one of the first widely deployed free operating systems to provide mandatory access control. It supports a number of classic MAC models. This tutorial paper addresses exploiting this implementation to enforce typical enterprise security policies of varying complexities. Security needs of organizations are becoming more and more sophisticated nowadays. Most General-Purpose Operating Systems (GPOS) provide access control policies to meet these needs. There are cases when the traditionally deployed Discretionary Access Control (DAC) rules are not sufficient: they tend to quickly become unmanageable in the case of large installations, and also are not enough for controlling information flows.