From: Robert Watson
Date: Tue, 21 Feb 2006 13:41:08 +0000 (GMT)
To: trustedbsd-audit@TrustedBSD.org
Subject: FYI: Mac OS X and FreeBSD audit talk at University of Cambridge
Message-ID: <20060221133901.O37014@fledge.watson.org>

Late notice, and probably not useful for those of you not in the UK, but -- I'll be giving the weekly security seminar at the Computer Laboratory at the University of Cambridge today. Details attached below.

http://www.cl.cam.ac.uk/Research/Security/seminars/2006/2006-02-21.html

Robert N M Watson

Title: Design and Implementation of a CC CAPP-Compliant Audit Subsystem for the Mac OS X and FreeBSD Operating Systems
Speaker: Robert N M Watson, University of Cambridge
Date: Tuesday, 21 February 2006, 16:15
Place: Lecture Theatre 2, William Gates Building

Abstract:

Completing the Common Criteria CAPP (C2) security evaluation of Apple's Mac OS X operating system required the development of a significant new operating system feature, security event auditing. This facility provides for the fine-grained, configurable, and reliable logging of security events ranging from authentication events in user space to system call access control information throughout the kernel. As the leader for the team that implemented Audit for Apple, I had the opportunity to gain interesting insight into the evaluation requirements and process, as well as into the implementation implications of these requirements. This presentation will describe the requirements and how they have been implemented in traditional UNIX systems, as well as how some of the design decisions that make Mac OS X unique impacted the implementation of Audit. I'll also talk briefly about the later port of this source code base to the open source FreeBSD operating system, and the OpenBSM software package, which provides a portable implementation of the de facto industry standard BSM API and file format originally developed by Sun.