DRAFT ``Poligraph: A Modular Framework for Kernel Security Policy and Management''

Robert Watson rwatson at FreeBSD.org
Wed Jun 14 21:36:10 GMT 2000


Hi all,

Delayed by quite a ways, but hopefully still interesting to those on the
list.  Below is the URL for an initial design paper describing Poligraph,
a proposed kernel authorization management system for FreeBSD.  The goal
is to provide a modular framework for introducing new authorization types
into the kernel, conceivably at run time, and provide for a well-defined
composition of authorization types.  This is just an initial design idea,
and as such I welcome any discussion and criticism.  The document is
available in HTML format (as the URL indicates), but there are also
PostScript, DVI, PDF, and other formats, courtesy Chris Costello, who has
volunteered (the fool) to provide documentation support for the project
(man pages authoring, system documentation, and help for an SGML-neophyte
like myself).

http://www.trustedbsd.org/documentation/design/poligraph/poligraph.html
						.dvi, .pdf, .ps, .tex,
						.txt, .sgml

I haven't linked it up to the rest of the site as this is very much a work
in progress.  I have begun experimenting with implementing it, but as I
have described in previous e-mails, our goals include an initial
implementation of most of the security models in TrustedBSD outside of the
framework, before migrating to the framework.  This will allow us to
explore the implications of each model on system design, as well as make
sure the mechanism is sufficiently flexible to be able to describe what we
require. 

Open questions, as with any pluggable framework, include the normal
concerns: expressibility, performance, semantics, over-design, etc.

  Robert N M Watson 

robert at fledge.watson.org              http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37  ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

