| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 11 Dec 2009 16:30:39 +0800 From: Cliffe <cliffe@...net> To: apparmor-dev@...ge.novell.com, selinux@...ho.nsa.gov, linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org, fbac-lsm-general@...ts.sourceforge.net Subject: New security system FBAC-LSM announcement and call for collaborators In preparation for my LCA talk “A New Paradigm for Restricting Applications and Protecting Yourself from Your Processes”, today I have released the code for FBAC-LSM. This initial development version of FBAC-LSM is functional, but is unstable and slow. It is developed against an older version of the LSM interface (using the AppArmor path-based hooks), and will be updated to work with the new interface in the future. There is quite a bit of work to be done before it is ready for production systems or formal code review. I developed FBAC-LSM for my PhD research. FBAC-LSM restricts programs based on the features each application provides. Reusable policy abstractions, known as functionalities, can be used to grant the authority to perform high level features (for example using the Web_Browser functionality) or lower level features (such as using the HTTP_Client functionality) or to grant privileges to access any specified resources. Functionalities are parameterised, which allows them to be adapted to the needs of specific applications. Functionalities are also hierarchical; that is, functionalities can contain other functionalities. Over one hundred applications were analysed, and functionalities and policies were developed. A number of techniques for automating aspects of policy specification were also developed. A usability study comparing FBAC-LSM with SELinux and AppArmor found that the new approach provided significant benefits including higher levels of user satisfaction and of successful policy creation. In the near future I will share the results of the usability study, including suggestions for improving the usability of SELinux and AppArmor. Currently I am planning on expanding the FBAC-LSM tools to export to and manage AppArmor and SEEdit policies. I am looking for anyone interested in collaborating on the project. Please contact me. There are a number of problems with the synchronisation in the LSM code, which I hope someone on one of these mailinglists can help with. Programmed in C and C++, using the LSM and Qt frameworks. Policy abstractions in FBAC-LSM-PL policy language. Licensed GPL. Check out the FBAC-LSM homepage which has lots more information and videos: http://schreuders.org/FBAC-LSM Pull the sourceforge Git repo (which includes the Linux Security Module (LSM), graphical policy manager, and policies) to your computer with the command: git clone git://fbac-lsm.git.sourceforge.net/gitroot/fbac-lsm/fbac-lsm If you are attending the 2010 linux.conf.au conference, I hope to see you at my talk in room Renouf 2 at 16:45 on Wednesday 20/01/10: http://www.lca2010.org.nz/programme/schedule/view_talk/50029?day=wednesday Thanks, Z. Cliffe Schreuders http://schreuders.org PhD Candidate Murdoch University -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists