Yet another OB/CC opinion
tfraser at tislabs.com
tfraser at tislabs.com
Wed Apr 19 21:31:45 GMT 2000
Hi!
Here's my open-source itch: I want a UNIX OS that will protect
itself and my data from modification by viruses, Trojan horses, and
malicious remote users despite the presence of exploitable
vulnerabilities in my user-space programs. I believe a UNIX kernel
augmented with an integrity-oriented non-discretionary access control
scheme can provide this protection in a usable way. So, I've spent
the last few years pleasurably scratching away at my itch by working
on the DTE (http://www.usenix.org/publications/library/proceedings/
sec96/full_papers/walker/walker.ps) prototype on BSD/OS and the LOMAC
(ftp://ftp.tislabs.com/pub/lomac) prototype on Linux. I've left the
Orange-Book-oriented stuff to other folks with other itches.
If your itch is to implement parts of the Orange Book, then
scratch away! Stuffing security functionality into kernels is fun,
and it's a good way to learn a little bit about all the kernel's
parts. It's not my place to tell anyone what they should and should
not do; that's for moms, middle management, and other petty
dictators. :^) Implementing OB stuff for its own sake is as worthy a
goal as any other - but it's not the only way to improve the the
security of your favorite free UNIX. As Jeff DeMello wisely suggested
earlier on this list, consider your functionality goals, and then hack
away in any direction you feel will get you there. I don't think the
OB is very relevant to my goals, but that's just me. Good luck to
TrustedBSD, and have fun!
- Tim Fraser
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-discuss" in the body of the message
More information about the trustedbsd-discuss
mailing list