• About ISSO
• Research Areas
• Projects
• Finished Projects and Archive
• Opensource Projects

SEDarwin: Security-Enhanced Darwin/Mac OS X

Port of the TrustedBSD MAC Framework and SEBSD policy from FreeBSD to Darwin

Darwin, the open source kernel of Apple's Mac OS X operating system, is constructed from a number of open source components, including Mach and FreeBSD. SPARTA ISSO, under contract to DARPA/SPAWAR, and with the support of NSA, is producing a security-enhanced version of the Darwin operating system by porting the TrustedBSD MAC Framework developed previously on the open source FreeBSD operating system. In addition, SPARTA ISSO is porting the SEBSD security module, an adaptation of NSA's FLASK architecture and Type Enforcement policy provided in SELinux, which will provide a mature policy environment. While previous work on the FreeBSD operating system addressed the network server environment, Mac OS X is a widely-deployed workstation operating supporting common desktop applications, providing an important opportunity for technology transfer. SEDarwin components will be delivered as part of the open source TrustedBSD Project, and under a combination of the Berkeley and APSL open source licenses. These licenses permit and encourage broad commercial reuse.

Work performed at SPARTA ISSO on TrustedBSD occurs as part of the CBOSS Project, which is sponsored by DARPA CHATS research program. Additional information on the TrustedBSD Project may be found on the TrustedBSD web site, including information on other sponsors and on-going projects. Experimental components of the SEDarwin work will be made available via the SPARTA ISSO Open Source web site, as well as via the TrustedBSD web page.

Papers and related material are available via the TrustedBSD web site. Additional documentation is available on the FreeBSD web site, including developer and user documentation.

Several TrustedBSD mailing lists exist, including an announcement mailing list, general discussion mailing list, audit mailing list, and CVS/Perforce commit mailing list. Questions regarding the SEDarwin work may be addressed to this list, as well as discussion relating to any of the TrustedBSD components. In addition, active development changes may be followed on the CVS/Perforce submission mailing list. Mailing list information is available on the TrustedBSD web site.

To contact researchers and developers working on TrustedBSD, please e-mail ISSO-cboss@sparta.com.