NetBSD Security Enhancements

by Elad Efrat

Abstract

Over the years, NetBSD obtained itself the position of the BSD focusing on portability. While it is true that NetBSD offers an easily portable OS, we do not neglect other areas that require special care, such as security. This paper presents the NetBSD philosophy of security, design decisions, and currently offered security features. Finally, some of the current and future research will be revealed.

Topics covered will include enhancements to Veriexec, the new kernel authorization framework kauth(9) supporting pluggable security models, capabilities, file-system ACLs, in-kernel PKI supporting signed files, and alpha-stage research model for a nearly-100% virus immune environment using the above as construction blocks.

Author bio

Missing

go back to the schedule