Date: Thu, 2 Sep 1999 16:59:21 -0400 (EDT)
From: Steve Kiernan <stevek@tislabs.com>
To: freebsd-security@freebsd.org
Subject: Generic Software Wrappers 1.2.1 now available...
Message-ID: <Pine.BSF.4.10.9909021650310.53289-100000@mufasa.va.tislabs.com>

Some time ago there was some discussion of adding security policies to the FreeBSD kernel. ("Using capabilties aaginst shell code" August 1998) In that thread, Robert Watson had referred to the Generic Software Wrappers Toolkit which we at NAI Labs (formerly TIS Labs) were working on. We now have a release available for use.

The current source release contains support for FreeBSD 2.2.x on Intel x86 and Solaris 2.6 on UltraSPARC, and preliminary support for FreeBSD 3.x on Intel x86 (not all syscalls are characterized and the code is not SMP-safe) and Windows NT on Intel x86 (the implementation is in user-space and not complete).

The following is an excerpt from the readme file (you can grab a copy of the Toolkit from ftp://ftp.tislabs.com/pub/wrappers):

Generic Software Wrappers

Large-scale critical information systems increasingly are built by combining Commercial Off The Shelf (COTS) software components. Unfortunately, security and reliability requirements of critical information systems may not be apparent until such systems are near deployment: COTS software cannot be designed to anticipate all such requirements. Additionally, cost factors dictate that COTS software is developed with ``commercial-grade'' assurance. For these reasons, technologies are needed both to add security and reliability functionality to COTS software, and to increase general assurance of systems composed of COTS components.

This DARPA-sponsored research (under contract F30602-96-C-0333) is developing techniques and tools for specifying and implementing generic software wrappers. Generic software wrappers intercept COTS component interactions and bind them with additional functions that implement practical security (e.g., restricting, filtering) and reliability (e.g., redundancy, crash data recovery) policies.

This research is organized into three tasks:

1) Formulate both a preliminary Wrapper Definition Language (WDL) for specifying security and reliability software wrappers and a preliminary Wrapper Support Interface (WSI) that provides operating system services needed by wrappers. Prototype a WDL compiler and develop a WSI simulator to provide experimental feedback during the formulation of the

2) Develop a wrapper-supporting FreeBSD UNIX prototype system. Develop a Wrapper Support Subsystem (WSS) suitable for inclusion in mainstream kernelized UNIX systems, and develop WDL wrapper tools for conveniently wrapping/unwrapping selected UNIX system components.

3) Develop Sun Solaris and Windows NT wrapper-supporting prototype systems. Adjust the WDL and the WSI as needed to support these environments. By developing multiple prototypes, demonstrate that wrapper concepts are portable to dissimilar systems.

Tasks one and two are complete. Task three is partially complete, with the Windows NT port still under development.

This software is a proof of concept. It has bugs. Since it adds functionality to the kernel, those bugs may trash your system. Do Not Use This Software on systems you can not afford to trash. We know there are unfixed bugs that can and will crash the operating system. You have been warned.

--
Stephen Kiernan
stevek@tislabs.com
NAI Labs, A Division of Network Associates, Inc.