Date:      Sun, 22 Jul 2012 15:11:49 GMT
From:      Robert Watson <rwatson@FreeBSD.org>
To:        Perforce Change Reviews <perforce@freebsd.org>
Subject:   PERFORCE change 214764 for review
Message-ID:  <201207221511.q6MFBnTv066892@skunkworks.freebsd.org>

http://p4web.freebsd.org/@@214764?ac=10

Change 214764 by rwatson@rwatson_fledge on 2012/07/22 15:10:50

	Update a number of TrustedBSD web pages, which have generally gotten
	a bit stale over the last couple of years.  A number of development
	projects are arguably "finished", so say so, and report on
	incorporation of the work into other operating systems -- especially
	Mac OS X.

Affected files ...

.. //depot/projects/trustedbsd/www/acls.page#3 edit
.. //depot/projects/trustedbsd/www/audit.page#10 edit
.. //depot/projects/trustedbsd/www/developers.page#5 edit
.. //depot/projects/trustedbsd/www/docs.bib#7 edit
.. //depot/projects/trustedbsd/www/home.page#8 edit
.. //depot/projects/trustedbsd/www/sourcecode.page#2 edit

Differences ...

==== //depot/projects/trustedbsd/www/acls.page#3 (text+ko) ====

@@ -1,5 +1,5 @@
 <!--
-     Copyright (c) 2006 Robert N. M. Watson
+     Copyright (c) 2006-2012 Robert N. M. Watson
      All rights reserved.
      
      Redistribution and use in source and binary forms, with or without
@@ -29,7 +29,7 @@
 
   <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
     <cvs:keyword name="freebsd">
-      $P4: //depot/projects/trustedbsd/www/acls.page#2 $
+      $P4: //depot/projects/trustedbsd/www/acls.page#3 $
     </cvs:keyword>
   </cvs:keywords>
 
@@ -42,24 +42,11 @@
       <p>TrustedBSD provides a file system access control list implementation
 	that provides enhanced discretionary access control as required by
 	the CC CAPP specification at higher assurance levels.
-	This implementation is based on the POSIX.1eD17 draft specification,
-	and is API-compatible with the ACL implementations found on many
-	other UNIX systems.
-	The TrustedBSD implementation stores access control lists in file
-	system extended attributes, as found in the UFS1 and UFS2 file
-	systems on FreeBSD.
-	The TrustedBSD POSIX.1e ACL library may also found in Mac OS X,
-	although wrapping NTFS-style ACLs, and portions of the ACL library
-	documentation may be found in Linux.
-	TrustedBSD ACLs are present in FreeBSD 5.0 and greater, and are
-	supported by Samba, KDE, and a number of other applications.</p>
-
-      <p>Currently, prototyping work is being performed relating to adding
-	support for NFSv4-style ACLs behind the existing APIs in FreeBSD,
-	in a manner similar to Mac OS X.
-	This may provide improved compatibility with NFSv4 and NTFS.
-	Check back on this web page for future updates as this work
-	continues.</p>
+	We have implemented both POSIX.1eD17 draft specification ACLs
+	(UNIX-like), since FreeBSD 5.0, and NFSv4 ACLs (Windows-like), since
+	FreeBSD 8.0.
+	Portions of the TrustedBSD ACL implementation also appear in Mac OS
+	X.</p>
 
     </html>
   </section>
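Review bot: the rewritten paragraph (`+	We have implemented both POSIX.1eD17 draft specification ACLs` and the lines that follow) drops the two facts a reader assessing the feature most needs: where ACLs are stored (the removed `-	The TrustedBSD implementation stores access control lists in file` / `-	system extended attributes, as found in the UFS1 and UFS2 file` lines) and which applications consume them (the removed Samba/KDE sentence). Suggest keeping one sentence on storage and file system support for each ACL type, and rephrasing "POSIX.1eD17 draft specification ACLs" as "ACLs following the POSIX.1e draft 17 specification" so the two ACL types read in parallel.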

==== //depot/projects/trustedbsd/www/audit.page#10 (text+ko) ====

@@ -29,7 +29,7 @@
 
   <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
     <cvs:keyword name="freebsd">
-      $P4: //depot/projects/trustedbsd/www/audit.page#9 $
+      $P4: //depot/projects/trustedbsd/www/audit.page#10 $
     </cvs:keyword>
   </cvs:keywords>
 
@@ -45,14 +45,14 @@
 	events, and detailed logging of access control events, including the
 	ability to log system calls based on user and event class.</p>
 
-      <p>The TrustedBSD audit implementation is present in FreeBSD 6.2 and
-	later, and there is continuing development work to expand its
-	feature set.  The current implementation is derived from the Mac OS
-	X audit implementation created by McAfee Research under contract to
-	Apple Computer, Inc. in support of the Mac OS X CAPP evaluation.
-	The TrustedBSD implementation has been substantially enhanced to add
-	new features, such as audit pipes allowing applications to attach
-	directly and selectively to the live event stream.</p>
+      <p>The TrustedBSD audit implementation appeared in FreeBSD 6.2, and
+	is also present in Mac OS X.  The current implementation is derived
+	from the Mac OS X audit implementation created by McAfee Research
+	under contract to Apple, Inc, in support of the Mac OS X CAPP
+	evaluation.  The TrustedBSD implementation has been substantially
+	enhanced to add new features, such as audit pipes allowing
+	intrusion detection and monitoring applications to attach to and
+	tailor the live event stream.</p>
 
       <p>The audit implementation includes a kernel audit event engine,
 	auditing of system calls across all native and emulated ABIs,
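Review bot: punctuation in the new line `+	under contract to Apple, Inc, in support of the Mac OS X CAPP`: "Apple, Inc," should be "Apple, Inc.," (the removed line had "Apple Computer, Inc." and home.page in this same change uses "Apple Computer, Inc."), so keep the period and use one corporate form across the pages.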

==== //depot/projects/trustedbsd/www/developers.page#5 (text+ko) ====

@@ -29,7 +29,7 @@
 
   <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
     <cvs:keyword name="freebsd">
-      $P4: //depot/projects/trustedbsd/www/developers.page#4 $
+      $P4: //depot/projects/trustedbsd/www/developers.page#5 $
     </cvs:keyword>
   </cvs:keywords>
 
@@ -85,6 +85,7 @@
 	</tr>
 	<tr>
 	  <td>Jonathan Anderson</td>
+	  <td>Pawel Jakub Dawidek</td>
 	</tr>
       </table>
 
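Review bot: the added `+	  <td>Pawel Jakub Dawidek</td>` turns the final row into a two-cell row, but the hunk does not show how many columns the other rows have; confirm the table is two columns wide, otherwise the new name belongs in its own `<tr>` so the rows stay uniform. Also check whether the table follows an ordering the other rows keep, since the name is simply appended to the last row.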

==== //depot/projects/trustedbsd/www/docs.bib#7 (text+ko) ====

@@ -35,7 +35,7 @@
 
   <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
     <cvs:keyword name="freebsd">
-      $P4: //depot/projects/trustedbsd/www/docs.bib#6 $
+      $P4: //depot/projects/trustedbsd/www/docs.bib#7 $
     </cvs:keyword>
   </cvs:keywords>
 
@@ -410,4 +410,66 @@
       techniques.</abstract>
   </entry>
 
+  <entry role="paper" date="201204">
+    <title>New approaches to operating system security extensibility</title>
+
+    <author>
+      <name>Robert N. M. Watson</name>
+      <affil>University of Cambridge</affil>
+    </author>
+
+    <download>
+      <file url="http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-818.html"
+	format="Tech report page" />
+      <file url="http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-818.pdf"
+	format="PDF" />
+    </download>
+
+    <abstract><p>This dissertation proposes new approaches to commodity
+      computer operating system (OS) access control extensibility that
+      address historic problems with concurrency and technology transfer.
+      Access control extensibility addresses a lack of consensus on operating
+      system policy model at a time when security requirements are in flux:
+      OS vendors, anti-virus companies, firewall manufacturers, smart phone
+      developers, and application writers require new tools to express
+      policies tailored to their needs. By proposing principled approaches to
+      access control extensibility, this work allows OS security to be
+      "designed in" yet remain flexible in the face of diverse and changing
+      requirements.</p>
+
+      <p>I begin by analysing system call interposition, a popular extension
+      technology used in security research and products, and reveal
+      fundamental and readily exploited concurrency vulnerabilities.
+      Motivated by these failures, I propose two security extension models:
+      the TrustedBSD Mandatory Access Control (MAC) Framework, a flexible
+      kernel access control extension framework for the FreeBSD kernel, and
+      Capsicum, practical capabilities for UNIX.</p>
+
+      <p>The MAC Framework, a research project I began before starting my
+      PhD, allows policy modules to dynamically extend the kernel access
+      control policy.
+      The framework allows policies to integrate tightly with kernel
+      synchronisation, avoiding race conditions inherent to system call
+      interposition, as well as offering reduced development and technology
+      transfer costs for new security policies.
+      Over two chapters, I explore the framework itself, and its transfer to
+      and use in several products: the open source FreeBSD operating system,
+      nCircle's enforcement appliances, and Apple's Mac OS X and iOS
+      operating systems.</p>
+
+      <p>Capsicum is a new application-centric capability security model
+      extending POSIX.
+      Capsicum targets application writers rather than system designers,
+      reflecting a trend towards security-aware applications such as
+      Google's Chromium web browser, that map distributed security policies
+      into often inadequate local primitives.
+      I compare Capsicum with other sandboxing techniques, demonstrating
+      improved performance, programmability, and security.</p>
+
+      <p>This dissertation makes original contributions to challenging
+      research problems in security and operating system design.
+      Portions of this research have already had a significant impact on
+      industry practice.</p></abstract>
+  </entry>
+
 </bibliography>
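Review bot: the new entry is tagged `role="paper"` while its abstract opens "This dissertation proposes", and the report number UCAM-CL-TR-818 appears only inside the two download URLs. Readers scanning the bibliography cannot tell this is a PhD dissertation published as a Cambridge technical report; state that in the entry metadata (title suffix or whatever note element the bibliography schema supports) rather than leaving it implicit in the URL. Minor: `<affil>University of Cambridge</affil>` here versus "the University of Cambridge Computer Laboratory" in home.page in this same change; pick one form.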

==== //depot/projects/trustedbsd/www/home.page#8 (text+ko) ====

@@ -1,5 +1,5 @@
 <!--
-     Copyright (c) 2000-2008 Robert N. M. Watson
+     Copyright (c) 2000-2012 Robert N. M. Watson
      Copyright (c) 2001 Leigh Denault
      Copyright (c) 2002 Networks Associates Technology, Inc.
      All rights reserved.
@@ -37,7 +37,7 @@
 
   <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
     <cvs:keyword name="freebsd">
-      $P4: //depot/projects/trustedbsd/www/home.page#7 $
+      $P4: //depot/projects/trustedbsd/www/home.page#8 $
     </cvs:keyword>
   </cvs:keywords>
 
@@ -45,29 +45,25 @@
     <title>TrustedBSD Project</title>
 
     <html>
-      <p>The TrustedBSD project is an open source project developing
+      <p>The TrustedBSD Project is an open source community developing
 	advanced security features for the open source <a
-	href="http://www.FreeBSD.org/">FreeBSD</a>; operating system,
-	including file system <a href="extattr.html">extended attributes and
-	UFS2</a>, <a href="acls.html">Access Control Lists</a>, <a
-	href="openpam.html">OpenPAM</a>, <a href="audit.html">security event
-	auditing</a> with <a href="openbsm.html">OpenBSM</a>, mandatory
-	access control and the <a href="mac.html">TrustedBSD MAC
-	Framework</a>, and the <a href="geom.html">GEOM</a> storage
-	framework.  Many technologies from TrustedBSD may also be found in
-	operating systems beyond FreeBSD, including Mac OS X, NetBSD,
-	OpenBSD, and Linux.</p>
+	href="http://www.FreeBSD.org/">FreeBSD</a>; operating system.
+	Started in April 2000, the project developed support for extended
+	attributes, access control lists (ACLs), UFS2, OpenPAM, security
+	event auditing, OpenBSM, a flexible kernel access control framework,
+	mandatory access control, and the GEOM storage layer.
+	The results of this work may be found not just in FreeBSD, but also
+	NetBSD, OpenBSD, Linux, and Apple's Mac OS X and iOS operating
+	systems.
+	Today, the project continues to maintain and enhance these
+	mature features in FreeBSD.</p>
 
      <p>The TrustedBSD Project originally targeted trusted operating system
 	functionality required by the Common Criteria for Information
 	Technology Security Evaluation (CC).  Work has gone significantly
 	further, including research and development into operating system
 	security extensibility, and work on local and distributed file
-	systems as required to meet security goals.  Despite significant
-	success in developing and deploying advanced security functions on
-	FreeBSD and elsewhere, the work of the TrustedBSD Project continues,
-	with new and enhanced features shipping with new operating system
-	versions.</p>
+	systems as required to meet security goals.</p>
 
       <p>This web site provides development information about TrustedBSD,
 	including early access to source code and on-going development work,
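Review bot: the rewrite removes every per-component link from the opening paragraph. The deleted lines carried hrefs to extattr.html, acls.html, openpam.html, audit.html, openbsm.html, mac.html and geom.html, and the replacement starting at `+	Started in April 2000, the project developed support for extended` lists the same features as plain text. The home page is the main entry point to those component pages, so keep the anchors in the new list. While editing this paragraph, also drop the stray ";" after `</a>` in `+	href="http://www.FreeBSD.org/">FreeBSD</a>; operating system.`, which renders as "FreeBSD; operating system".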
@@ -82,8 +78,8 @@
 	Agency (NSA), Network Associates Laboratories, Safeport Network
 	Services, the University of Pennsylvania, Yahoo!, McAfee Research,
 	SPARTA, Inc., Apple Computer, Inc., nCirce Network Security, Inc.,
-	Google, Inc., the University of Cambridge Computer Laboratory, and
-	others.
+	Google, Inc., the University of Cambridge Computer Laboratory, the
+	FreeBSD Foundation, and others.
 	Contributions to support the TrustedBSD Project are welcome; please
 	consider making donations through the <a
 	href="http://www.freebsdfoundation.org/">FreeBSD Foundation</a>.</p>
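Review bot: the context line `	SPARTA, Inc., Apple Computer, Inc., nCirce Network Security, Inc.,` misspells nCircle (the docs.bib entry added in this same change spells it "nCircle"); since the paragraph is being edited anyway, fix the typo in the same change.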

==== //depot/projects/trustedbsd/www/sourcecode.page#2 (text+ko) ====

@@ -1,5 +1,5 @@
 <!--
-     Copyright (c) 2000-2006 Robert N. M. Watson
+     Copyright (c) 2000-2012 Robert N. M. Watson
      All rights reserved.
      
      Redistribution and use in source and binary forms, with or without
@@ -29,7 +29,7 @@
 
   <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
     <cvs:keyword name="freebsd">
-      $P4: //depot/projects/trustedbsd/www/sourcecode.page#1 $
+      $P4: //depot/projects/trustedbsd/www/sourcecode.page#2 $
     </cvs:keyword>
   </cvs:keywords>
 
@@ -41,23 +41,13 @@
 	a two-clause BSD-style license, permitting broad open source,
 	closed source, non-commercial, and commercial reuse.
 	For more information on licensing, see <a href="legal.html">Legal
-	Information</a>.
-	Code available for download from the TrustedBSD web site is
-	generally pre-release or experimental code, and not appropriate
-	for use by end-users, who will receive TrustedBSD components from
-	their operating system vendor directly.
-	Comments on code, as well as on new features and bug fixes, are
-	welcome.</p>
+	Information</a>.</p>
 
-      <p>TrustedBSD is developed in a <a href="http://www.perforce.com/">;
-	Perforce</a> repository, and is made available via <a
-	href="http://www.polstra.com/projects/freeware/CVSup/">CVSup</a>;
-	server <span id="fqdn">cvsup10.FreeBSD.org</span>.  A <a
-	href="trustedbsd-supfile">sample supfile</a> is available.  As
-	features reach maturity, the are merged into the main FreeBSD
-	development tree, and in some cases, have also been adopted into
-	other operating system distributions, including NetBSD, OpenBSD,
-	Linux, and Mac OS X.</p>
+      <p>With the exception of active development projects, almost all
+	TrustedBSD code should be obtained from operating system vendors such
+	as the <a href="http://www.freebsd.org">FreeBSD Project</a> or
+	<a href="http://www.apple.com/">Apple</a>, rather than downloaded
+	directly from the TrustedBSD site by end users.</p>
 
       <p>Individual component web pages may include Perforce, CVSUP, or
 	direct source code download options.</p>
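Review bot: the replacement paragraph `+      <p>With the exception of active development projects, almost all` exempts "active development projects" from its advice, but with the deleted Perforce/CVSup paragraph gone (`-	Perforce</a> repository, and is made available via <a`, the cvsup10.FreeBSD.org server and the sample supfile) the page no longer says where that in-development code lives, while the trailing context paragraph still refers to "Perforce, CVSUP, or direct source code download options". Either keep a one-line pointer to the repository or reword the trailing paragraph so the two agree. Two smaller points: the deleted `<span id="fqdn">` was an id hook, so check that no site script or stylesheet still targets it; and the new link `http://www.freebsd.org` differs from the `http://www.FreeBSD.org/` form used in home.page in this change.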
