FYI: Mac OS X and FreeBSD audit talk at University of Cambridge

[Robert Watson]

Late notice, and probably not useful for those of you not in the UK, but -- 
I'll be giving the weekly security seminar at the Computer Laboratory at the 
University of Cambridge today.  Details attached below.

     http://www.cl.cam.ac.uk/Research/Security/seminars/2006/2006-02-21.html

Robert N M Watson


Title:  Design and Implementation of a CC CAPP-Compliant Audit Subsystem for 
the Mac OS X and FreeBSD Operating Systems
Speaker:  Robert N M Watson, University of Cambridge
Date:  Tuesday, 21 February 2006, 16:15
Place:  Lecture Theatre 2, William Gates Building

Abstract:

Completing the Common Criteria CAPP (C2) security evaluation of Apple's Mac OS 
X operating system required the development of a significant new operating 
system feature, security event auditing. This facility provides for the 
fine-grained, configurable, and reliable logging of security events ranging 
from authentication events in user space to system call access control 
information throughout the kernel. As the leader for the team that implemented 
Audit for Apple, I had the opportunity to gain interesting insight into the 
evaluation requirements and process, as well as into the implementation 
implications of these requirements. This presentation will describe the 
requirements and how they have been implemented in traditional UNIX systems, 
as well as how some of the design decisions that make Mac OS X unique impacted 
the implementation of Audit. I'll also talk briefly about the later port of 
this source code base to the open source FreeBSD operating system, and the 
OpenBSM software package, which provides a portable implementation of the de 
facto industry standard BSM API and file format originally developed by Sun.