The roots of Mac OS X in the UNIX operating system provide a robust and secure computing environment whose track record extends back many decades. Mac OS X security services are built on top of two open-source standards: BSD (Berkeley Software Distribution) and CDSA (Common Data Security Architecture). BSD is a form of the UNIX operating system that provides basic security for fundamental services, such as file and network access. CDSA provides a much wider array of security services, including finer-grained access permissions, authentication of users’ identities, encryption, and secure data storage. Although CDSA has its own standard API, it is complex and does not follow standard Macintosh programming conventions. Therefore, Mac OS X includes its own security APIs that call through to the CDSA API for you.
In Mac OS X v10.5, several improvements were made to the underlying operating system security, including the addition of the following features:
Adoption of the Mandatory Access Control (MAC) framework, which provides a fine-grained security architecture for controlling the execution of processes at the kernel level. This feature enables the “sandboxing” of applications, which lets you limit the access of a given application to only those features you designate.
Support for code signing and installer package signing. This feature lets the system validate applications using a digital signature and warn the user if an application is tampered with.
Compiler support for fortifying your source code against potential security threats. This support includes options to disallow the execution of code located on the stack or other portions of memory containing data. It also includes some new GCC compiler warnings.
Support for putting unknown files into quarantine. This is especially useful for developers of web browsers or other network-based applications that receive files from unknown sources. The system prevents access to quarantined files unless the user explicitly approves that access.
For an introduction to Mac OS X security features, see Security Overview.
Last updated: 2007-10-31