From owner-freebsd-security Thu Sep 16 10:13:53 1999
Delivered-To: freebsd-security@freebsd.org
Received: from fledge.watson.org (fledge.watson.org [204.156.12.50]) by hub.freebsd.org (Postfix) with ESMTP id DC5C114BD6 for ; Thu, 16 Sep 1999 10:13:47 -0700 (PDT) (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id NAA19271 for ; Thu, 16 Sep 1999 13:13:43 -0400 (EDT) (envelope-from robert@cyrus.watson.org)
Date: Thu, 16 Sep 1999 13:13:43 -0400 (EDT)
From: Robert Watson
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson
To: freebsd-security@freebsd.org
Subject: Re: Is this list dead (fwd)
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Thought people might be interested to know about SGI's Trusted Linux
work--nice that they have staffing. Anyone got any money? :-)

Robert N M Watson
robert@fledge.watson.org http://www.watson.org/~robert/
PGP key fingerprint: AF B5 5F FF A6 4A 79 37 ED 5F 55 E9 58 04 6A B1
TIS Labs at Network Associates, Safeport Network Services

---------- Forwarded message ----------
Date: Thu, 16 Sep 1999 09:10:53 -0700
From: Casey Schaufler
To: Robert Watson
Cc: "Ilmar S. Habibulin" , posix1e@cyrus.watson.org
Subject: Re: Is this list dead

Robert Watson wrote:
>
> On Thu, 16 Sep 1999, Ilmar S. Habibulin wrote:
>
> > Subj.
>
> Well, it's acting a little dead, but my hope is that it will not stay that
> way indefinitely.

Ya know, I had noticed that something was missing, but couldn't quite
place it. I had ascribed the lack of activity to it being summer (my
hemispheric centricity showing!) and expected to see things pick up once
vacations wrapped up.

Starting October 1st I will have actual staffing available to work on
commercial C2 and B1 Linux distributions. I have a stated engineering
goal of C2 feature completion by 10/2000 and B1 feature completion by
4/2001. This will be fully open source. The plan is for C2 and B1 to be
regular parts of the SGI distribution.

In addition, I have been working with some people who cannot themselves
work in public forums, including mail and news groups. They also wish to
make contributions, especially in the areas of Mandatory Access Control
(we need a less overloaded acronym than "MAC". Any thoughts?), policy
description, and security test suites.

> We've been redesigning how the record gathering mechanism is integrated
> into FreeBSD, as there are parallel trace mechanisms (such as ktrace) that
> serve a similar function.

Good art never borrows. It's much better to steal. Also, it's much easier
to sell audit if you can call it an extension to an existing, well liked
mechanism.

> I'm interested in the possibility of pinning down an IDS module
> interface--i.e., a standard API by which IDS modules can talk to a
> provider of audit records, specifying what they are interested in so as to
> make detecting events more efficient. This would presumably include
> functions to describe interesting records, functions to retrieve the
> records when available, and functions to report events via some
> event-reporting architecture.

My understanding is that the state of the art for IDS is to suck
information out of a relational database. This separates the security
function from the data gathering and relationship processing. If IDS is a
real concern, perhaps defining a set of relations might be the best way
to go, and design the audit records to fit nicely into the relations.

--
Casey Schaufler voice: (650) 933-1634
casey@sgi.com fax: (650) 933-0170

To Unsubscribe: send mail to majordomo@cyrus.watson.org
with "unsubscribe posix1e" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message