The translation is temporarily closed for contributions due to maintenance, please come back later.

Translation

(itstool) path: sect1/para
English
Mandatory Access Control (MAC), refers to a set of access control policies that are mandatorily enforced on users by the operating system. MAC policies may be contrasted with Discretionary Access Control (DAC) protections, by which non-administrative users may (at their discretion) protect objects. In traditional UNIX systems, DAC protections include file permissions and access control lists; MAC protections include process controls preventing inter-user debugging and firewalls. A variety of MAC policies have been formulated by operating system designers and security researches, including the Multi-Level Security (MLS) confidentiality policy, the Biba integrity policy, Role-Based Access Control (RBAC), Domain and Type Enforcement (DTE), and Type Enforcement (TE). Each model bases decisions on a variety of factors, including user identity, role, and security clearance, as well as security labels on objects representing concepts such as data sensitivity and integrity.
1073/9800 · 980
Context English Portuguese (Brazil) State

<email>chris@FreeBSD.org</email>
 		<email>chris@FreeBSD.org</email>
<personname> <firstname>Chris</firstname> <surname>Costello</surname> </personname> <affiliation> <orgname>TrustedBSD Project</orgname> <_:address-1/> </affiliation> <personname><firstname> Chris </firstname><surname> Costello </surname></personname><affiliation><orgname> Projeto TrustedBSD </orgname> <_: endere�o-1 /> </affiliation>

<email>rwatson@FreeBSD.org</email>
 		<email>rwatson@FreeBSD.org</email>
<personname> <firstname>Robert</firstname> <surname>Watson</surname> </personname> <affiliation> <orgname>TrustedBSD Project</orgname> <_:address-1/> </affiliation> <personname><firstname> Robert </firstname><surname> Watson </surname></personname><affiliation><orgname> Projeto TrustedBSD </orgname> <_: endere�o-1 /> </affiliation>
MAC Documentation Copyright Direitos autorais da documenta��o do MAC
This documentation was developed for the FreeBSD Project by Chris Costello at Safeport Network Services and Network Associates Laboratories, the Security Research Division of Network Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 (<quote>CBOSS</quote>), as part of the DARPA CHATS research program. Esta documenta��o foi desenvolvida para o Projeto FreeBSD por Chris Costello na Safeport Network Services e Network Associates Laboratories, a Divis�o de Pesquisa de Seguran�a da Network Associates, Inc. sob contrato DARPA / SPAWAR N66001-01-C-8035 ( <quote> CBOSS </quote> ), como parte do programa de pesquisa DARPA CHATS.
Redistribution and use in source (SGML DocBook) and 'compiled' forms (SGML, HTML, PDF, PostScript, RTF and so forth) with or without modification, are permitted provided that the following conditions are met: Redistribui��o e uso em formul�rios de origem (SGML DocBook) e ';compilados'; (SGML, HTML, PDF, PostScript, RTF e assim por diante) com ou sem modifica��o, s�o permitidos desde que as seguintes condi��es sejam atendidas:
Redistributions of source code (SGML DocBook) must retain the above copyright notice, this list of conditions and the following disclaimer as the first lines of this file unmodified. As redistribui��es do c�digo-fonte (SGML DocBook) devem manter o aviso de copyright acima, esta lista de condi��es e o aviso de isen��o de responsabilidade a seguir, conforme as primeiras linhas deste arquivo n�o sejam modificadas.
THIS DOCUMENTATION IS PROVIDED BY THE NETWORKS ASSOCIATES TECHNOLOGY, INC "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL NETWORKS ASSOCIATES TECHNOLOGY, INC BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ESTA DOCUMENTA��O � FORNECIDA PELA NETWORKS ASSOCIATES TECHNOLOGY, INC " COMO EST� "" E QUALQUER GARANTIA EXPRESSA OU IMPL�CITA, INCLUINDO, MAS N�O SE LIMITANDO �S GARANTIAS IMPL�CITAS DE COMERCIALIZA��O E ADEQUA��O A UMA FINALIDADE ESPEC�FICA, � REJEITADA. A NETWORKS ASSOCIATES TECHNOLOGY, INC � RESPONS�VEL POR QUAISQUER DANOS DIRETOS, INDIRETOS, INCIDENTAIS, ESPECIAIS, EXEMPLARES OU CONSEQ�ENCIAIS (INCLUINDO, MAS N�O SE LIMITANDO A, AQUISI��O DE BENS OU SERVI�OS SUBSTITUTOS; PERDA DE USO, DADOS OU LUCROS; OU INTERRUP��O DE NEG�CIOS) SEMPRE CAUSOU QUALQUER TEORIA DE RESPONSABILIDADE, SEJA EM CONTRATO, RESPONSABILIDADE ESTRITA, OU DELITO (INCLUINDO NEGLIG�NCIA OU DE OUTRA FORMA) DECORRENTE DE QUALQUER FORMA DO USO DESTA DOCUMENTA��O, MESMO SE AVISADA DA POSSIBILIDADE DE TAIS DANOS.
FreeBSD includes experimental support for several mandatory access control policies, as well as a framework for kernel security extensibility, the TrustedBSD MAC Framework. The MAC Framework is a pluggable access control framework, permitting new security policies to be easily linked into the kernel, loaded at boot, or loaded dynamically at run-time. The framework provides a variety of features to make it easier to implement new security policies, including the ability to easily tag security labels (such as confidentiality information) onto system objects. O FreeBSD inclui suporte experimental para v�rias pol�ticas de controle de acesso, bem como uma estrutura para extensibilidade de seguran�a do kernel, o TrustedBSD MAC Framework. O MAC Framework � uma estrutura de controle de acesso plug�vel, permitindo que novas pol�ticas de seguran�a sejam facilmente vinculadas ao kernel na inicializa��o ou carregada dinamicamente em tempo de execu��o. A estrutura fornece uma variedade de recursos para facilitar a implementa��o de novas pol�ticas de seguran�a, incluindo a capacidade de marcar facilmente r�tulos de seguran�a (como informa��es de confidencialidade) em objetos do sistema.
This chapter introduces the MAC policy framework and provides documentation for a sample MAC policy module. Este cap�tulo apresenta a estrutura de pol�tica do MAC e fornece documenta��o para um m�dulo de pol�tica MAC de amostra.
Introduction Introdução
The TrustedBSD MAC framework provides a mechanism to allow the compile-time or run-time extension of the kernel access control model. New system policies may be implemented as kernel modules and linked to the kernel; if multiple policy modules are present, their results will be composed. The MAC Framework provides a variety of access control infrastructure services to assist policy writers, including support for transient and persistent policy-agnostic object security labels. This support is currently considered experimental. A estrutura MAC do TrustedBSD fornece um mecanismo para permitir a extens�o em tempo de compila��o ou de tempo de execu��o do modelo de controle de acesso do kernel. Novas pol�ticas do sistema podem ser implementadas como m�dulos do kernel e vinculadas ao kernel; se houver v�rios m�dulos de pol�tica, seus resultados O MAC Framework fornece uma variedade de servi�os de infra-estrutura de controle de acesso para auxiliar os redatores de pol�ticas, incluindo o suporte a r�tulos de seguran�a de objetos agn�sticos, transit�rios e persistentes. Esse suporte � atualmente considerado experimental.
This chapter provides information appropriate for developers of policy modules, as well as potential consumers of MAC-enabled environments, to learn about how the MAC Framework supports access control extension of the kernel. Este cap�tulo fornece informa��es apropriadas para desenvolvedores de m�dulos de pol�ticas, bem como potenciais consumidores de ambientes habilitados para MAC, para aprender sobre como o MAC Framework suporta a extens�o de controle de acesso do kernel.
Policy Background Hist�rico da Pol�tica
Mandatory Access Control (MAC), refers to a set of access control policies that are mandatorily enforced on users by the operating system. MAC policies may be contrasted with Discretionary Access Control (DAC) protections, by which non-administrative users may (at their discretion) protect objects. In traditional UNIX systems, DAC protections include file permissions and access control lists; MAC protections include process controls preventing inter-user debugging and firewalls. A variety of MAC policies have been formulated by operating system designers and security researches, including the Multi-Level Security (MLS) confidentiality policy, the Biba integrity policy, Role-Based Access Control (RBAC), Domain and Type Enforcement (DTE), and Type Enforcement (TE). Each model bases decisions on a variety of factors, including user identity, role, and security clearance, as well as security labels on objects representing concepts such as data sensitivity and integrity. Mandatory Access Control (MAC), refere-se a um conjunto de pol�ticas de controle de acesso impostas obrigatoriamente aos usu�rios pelo sistema operacional. As pol�ticas MAC podem ser contrastadas com as prote��es de Controle de Acesso Discricion�rio (DAC), pelas quais usu�rios n�o administrativos podem Em seus sistemas UNIX tradicionais, as prote��es do DAC incluem permiss�es de arquivos e listas de controle de acesso, e as prote��es MAC incluem controles de processo que impedem a depura��o entre usu�rios e firewalls.Uma variedade de pol�ticas MAC foram formuladas por projetistas de sistemas operacionais e pesquisas de seguran�a. incluindo a pol�tica de confidencialidade Multi-Level Security (MLS), a pol�tica de integridade Biba, RBAC (Role-Based Access Control), DTE (Domain and Type Enforcement) e TE (Type Enforcement), cada modelo baseia as decis�es numa variedade de fatores. , incluindo identidade de usu�rio, fun��o e autoriza��o de seguran�a, bem como etiquetas de seguran�a em objetos que representam conceitos como integridade e sensibilidade de dados.
The TrustedBSD MAC Framework is capable of supporting policy modules that implement all of these policies, as well as a broad class of system hardening policies, which may use existing security attributes, such as user and group IDs, as well as extended attributes on files, and other system properties. In addition, despite the name, the MAC Framework can also be used to implement purely discretionary policies, as policy modules are given substantial flexibility in how they authorize protections. O TrustedBSD MAC Framework � capaz de suportar m�dulos de pol�ticas que implementam todas essas pol�ticas, bem como uma ampla classe de pol�ticas de prote��o do sistema, que podem usar atributos de seguran�a existentes, como IDs de usu�rios e grupos, bem como atributos estendidos em arquivos e outras propriedades do sistema Al�m disso, apesar do nome, o MAC Framework tamb�m pode ser usado para implementar pol�ticas puramente discricion�rias, uma vez que os m�dulos de pol�ticas recebem uma flexibilidade substancial na forma como autorizam prote��es "
MAC Framework Kernel Architecture Arquitetura do Kernel do MAC Framework
The TrustedBSD MAC Framework permits kernel modules to extend the operating system security policy, as well as providing infrastructure functionality required by many access control modules. If multiple policies are simultaneously loaded, the MAC Framework will usefully (for some definition of useful) compose the results of the policies. O TrustedBSD MAC Framework permite que os m�dulos do kernel estendam a pol�tica de seguran�a do sistema operacional, bem como fornecem a funcionalidade de infra-estrutura requerida por muitos m�dulos de controle de acesso. Se v�rias pol�ticas forem carregadas simultaneamente, o MAC Framework utilizar� (para alguma defini��o �til) resultados das pol�ticas "
Kernel Elements Elementos do Kernel
The MAC Framework contains a number of kernel elements: O MAC Framework cont�m v�rios elementos do kernel:
Framework management interfaces Interfaces de gerenciamento de estrutura
Concurrency and synchronization primitives. Primitivas de sincroniza��o e simultaneidade.
Policy registration Registo de pol�tica
Extensible security label for kernel objects Etiqueta de seguran�a extens�vel para objetos do kernel
Policy entry point composition operators Operadores de composi��o de ponto de entrada de pol�tica
Label management primitives Primitivos de gerenciamento de r�tulo
Entry point API invoked by kernel services API do ponto de entrada invocada pelos servi�os do kernel
Entry point API to policy modules API de ponto de entrada para m�dulos de pol�tica
Entry points implementations (policy life cycle, object life cycle/label management, access control checks). Implementa��es de pontos de entrada (ciclo de vida da pol�tica, ciclo de vida do objeto / gerenciamento de etiquetas, verifica��es de controle de acesso).
Policy-agnostic label-management system calls Chamadas de sistema de gerenciamento de r�tulo agn�stico de pol�ticas

Loading…

User avatar None

New source string

FreeBSD Doc (Archived) / books_arch-handbookPortuguese (Brazil)

New source string a year ago
Browse all component changes

Things to check

Mismatched full stop

Source and translation do not both end with a full stop

Reset

Trailing space

Source and translation do not both end with a space

Fix string

Reset

Glossary

English Portuguese (Brazil)
No related strings found in the glossary.

Source information

Source string comment
(itstool) path: sect1/para
Source string location
book.translate.xml:4452
String age
a year ago
Source string age
a year ago
Translation file
books/pt_BR/arch-handbook.po, string 575