TrustedBSD Auditing Facilities (was RE: FreeBSD usage in safety-critical environments)

Andrew R. Reiter arr at watson.org
Fri Oct 11 14:41:32 GMT 2002


On Fri, 11 Oct 2002, Nelson, Trent . wrote:

:Hi,
:
:> -----Original Message-----
:> From: Robert Watson [mailto:rwatson at freebsd.org]
:> Sent: Thursday, October 10, 2002 11:06 PM
:> To: Nelson, Trent .
:> Cc: 'chromexa at ovis.net'; 'hackers at freebsd.org'
:> Subject: RE: FreeBSD usage in safety-critical environments
:> 
:> 
:> On Wed, 9 Oct 2002, Nelson, Trent . wrote:
:> 
:> > 	If you're referring to security criteria (Trusted Computer
:> > Security Evaluation Criteria or ITSEC for Euro/UK), then no, FreeBSD
:> > doesn't currently provide any features C2/F-C2+ configuration (Access
:> > Control Lists, auditing, accountability, etc).  This is being tackled by
:> > TrustedBSD though, which I'm sure Robert Watson can provide some more
:> > information on.
:
:> We don't currently have an audit
:> implementation, but I'm working to resolve that issue as soon as possible.
:> The only big thing missing from the picture is actually someone who wants
:> to bring FreeBSD to market with an evaluation--someone who's willing to go
:> the distance on the evaluation process (paperwork, testing, etc).  My
:> goals for FreeBSD 6.0 include feature completeness on CAPP (C2) and LSPP
:> (B1).
:
:	Has anyone taken a look at how Tru64 UNIX tackles auditing, or even
:enhanced security in general?  I've had to devise a strategy over the last
:few weeks for work to address the need for cross-Atlantic network
:connectivity between a test-bed environment and what will eventually become
:a 'live' safety-critical environment.  The security configuration for such a
:system (system being the components interacting with the link, not the
:actual safety-critical system per se) must be very tight, and we've
:basically prevented connectivity to anything other than the Tru64 UNIX
:servers as nothing else we have can be configured to an acceptable level
:(well, at least Linux anyway).
:
:	The Security Integration Architecture and auditing subsystem of
:Tru64 UNIX are quite elegant, IMO, and I believe they'd provide a good basis
:for the road TrustedBSD would eventually have to travel down.
:
:	The security documentation (which details all of this, and a lot
:more) for Tru64 UNIX can be found at:
:
:http://www.tru64unix.compaq.com/docs/base_doc/DOCUMENTATION/V51A_PDF/ARH95DTE.PDF
:
:	General documentation can be found at:
:
:	http://www.tru64unix.compaq.com/docs/pub_page/V51A_DOCS/ADM_DOCS.HTM

Thanks for the URLs.  Something that caught my attention was that they do
buffered flushes of in-memory audit records in order to push them to disk.
I had done the same thing with that last basis of the audit code I did,
but after a discussion with a coworker, he sort of convinced me that
buffered writes were a violation of a few standards -- can anyone shed any
light on this?

I also found their implementation notes section on syscalls that have the
possibility of not generating audit events a good thing to recognize.

Thanks again,
Andrew

--
Andrew R. Reiter
arr at watson.org
arr at FreeBSD.org

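As an added illustration of the buffered-versus-synchronous question raised in the message above (example code written for this page, not TrustedBSD or Tru64 code; the record format, 256-byte buffer, uid value and /tmp path are constructed), the following shows how many committed audit records sit only in memory, and would be lost on a crash, under each flush policy:

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define AUDIT_BUFSZ 256        /* constructed: deliberately tiny in-memory record buffer */

struct audit_log {
    int fd;                    /* open audit trail file */
    char buf[AUDIT_BUFSZ];     /* records accepted but not yet written to disk */
    size_t used;
    int sync_each;             /* 1: write+fsync after every record; 0: flush when full */
    unsigned lost_if_crash;    /* records that exist only in this buffer */
};

/* Push buffered records to the trail and make them durable. Returns 0 on success. */
static int audit_flush(struct audit_log *al) {
    size_t off = 0;
    while (off < al->used) {
        ssize_t n = write(al->fd, al->buf + off, al->used - off);
        if (n < 0) return -1;
        off += (size_t)n;
    }
    al->used = 0;
    al->lost_if_crash = 0;
    return fsync(al->fd);      /* without fsync the data may still sit in the page cache */
}

/* Append one record; flush first if it would not fit, and always in synchronous mode. */
static int audit_commit(struct audit_log *al, const char *rec) {
    size_t len = strlen(rec);
    if (len > AUDIT_BUFSZ) return -1;
    if (al->used + len > AUDIT_BUFSZ && audit_flush(al) != 0) return -1;
    memcpy(al->buf + al->used, rec, len);
    al->used += len;
    al->lost_if_crash++;
    return al->sync_each ? audit_flush(al) : 0;
}

/* Commit n constructed records, then report how many would be lost if the system died now. */
int audit_records_at_risk(int sync_each, int n) {
    char path[] = "/tmp/audit.XXXXXX";            /* constructed scratch trail file */
    struct audit_log al = { .fd = mkstemp(path), .sync_each = sync_each };
    if (al.fd < 0) return -1;
    unlink(path);
    for (int i = 0; i < n; i++) {
        char rec[64];
        snprintf(rec, sizeof rec, "rec=%d subj=uid1001 ev=open res=ok\n", i);
        if (audit_commit(&al, rec) != 0) { close(al.fd); return -1; }
    }
    int at_risk = (int)al.lost_if_crash;
    audit_flush(&al);
    close(al.fd);
    return at_risk;
}
```

Each constructed record is 34 bytes, so seven fit in the buffer before the first forced flush; in synchronous mode the at-risk count is always zero, at the cost of one write and fsync per event.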
