TrustedBSD talks at STOSCON2003: MAC Framework, SEBSD module, experimental SEDarwin bits

Robert Watson rwatson at FreeBSD.org
Fri Nov 28 22:12:49 GMT 2003


Members of the TrustedBSD team at McAfee Research (previously Network
Associates Laboratories) will be presenting on components of the
TrustedBSD work at the STOS conference at George Washington University in
Washington, DC next week.  You can find more information on STOS at
http://www.stosx.org/.

Topics for presentation include: 

- General status of the TrustedBSD MAC Framework work, integration of
  policy modules and components into the base FreeBSD tree, maturity of
  our network labeling implementation, etc. 

- Port of NSA's SELinux FLASK/TE implementation to run on FreeBSD using
  the TrustedBSD MAC Framework as a MAC policy module named SEBSD.  It is
  available via the trustedbsd_sebsd collection on cvsup10.freebsd.org. 
  We've put an initial technical report on this work on the FreeBSD web
  page.  We'll be putting online tutorial material and instructions for
  getting this module up and running on the SEBSD web page in the next few
  days: 

    http://www.trustedbsd.org/sebsd.html

  A number of you are aware of this work already.  Our development tree
  has extensions to the MAC Framework to provide for file descriptor
  labeling, and integrate the FLASK/TE labeling bits into userspace, as
  well as additional access controls for mountpoints, and exposure of the
  kernel privilege checks to MAC modules as POSIX.1e-like privilege
  checks.  We're currently exploring merging some or all of these
  infrastructure features into FreeBSD for FreeBSD 5.3 next year. 

- Experimental port of a subset of the MAC Framework and SEBSD module to
  the Darwin platform.  No technical report online yet, and this is still
  very early work, but we'll be giving a presentation and demonstration
  using Mac OS X.  Scarier yet, we plan to present this work using
  PowerPoint on a system running the code :-).  Source code is currently
  available via the FreeBSD Project Perforce server, but I haven't yet
  gotten it exported to cvsup.  We hope to have web content and source
  online for people to look at shortly.  We've presented a couple of WIP
  sessions (BSDCon, USENIX Security) on elements of this work previously,
  but this is the first full-length presentation on the status of our
  prototype. 

And, of course, we'll be helping the gullible to load experimental OS
components onto their notebooks (PC or Mac).  A lot of other interesting
work will be presented there, and I encourage those able to attend to do
so :-).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Projects
robert at fledge.watson.org      Senior Research Scientist, McAfee Research
