Kirk McKusick, George Neville-Neil, and I are pleased to announce that The Design and Implementation of the FreeBSD Operating System, Second Edition is now available from Pearson Education (Amazon link for non-US folk). Light Blue Touchpaper readers might be particularly interested in the new chapter on FreeBSD’s kernel security features including:
- Process Credentials
- Users and Groups
- Privilege Model
- Interprocess Access Control
- Discretionary Access Control
- Capsicum Capability Model
- Jails
- Mandatory Access-Control Framework
- Security Event Auditing
- Cryptographic Services
- GELI Full-Disk Encryption
There is detailed coverage of the FreeBSD TCB, POSIX.1e and NFSv4 ACLs, OS sandboxing features, the Mandatory Access Control Framework used not just in FreeBSD but also Junos/Mac OS X/iOS, the FreeBSD kernel’s Yarrow-based pseudo-random number generator, and both confidentiality and integrity cryptographic protection for filesystems, and the kernel’s IPsec implementation. Other new content in this edition of the book includes ZFS, paravirtualised device drivers, DTrace, NFSv4, network-stack virtualisation, and much more.
We will be using this book as one of the core texts for our new masters-level operating-system course at Cambridge, L41, in spring 2015.