[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <4B22032F.906@ii.net>
Date: Fri, 11 Dec 2009 16:30:39 +0800
From: Cliffe <cliffe@...net>
To: apparmor-dev@...ge.novell.com, selinux@...ho.nsa.gov,
linux-kernel@...r.kernel.org,
linux-security-module@...r.kernel.org,
fbac-lsm-general@...ts.sourceforge.net
Subject: New security system FBAC-LSM announcement and call for collaborators
In preparation for my LCA talk “A New Paradigm for Restricting
Applications and Protecting Yourself from Your Processes”, today I have
released the code for FBAC-LSM. This initial development version of
FBAC-LSM is functional, but is unstable and slow. It is developed
against an older version of the LSM interface (using the AppArmor
path-based hooks), and will be updated to work with the new interface in
the future. There is quite a bit of work to be done before it is ready
for production systems or formal code review.
I developed FBAC-LSM for my PhD research. FBAC-LSM restricts programs
based on the features each application provides. Reusable policy
abstractions, known as functionalities, can be used to grant the
authority to perform high level features (for example using the
Web_Browser functionality) or lower level features (such as using the
HTTP_Client functionality) or to grant privileges to access any
specified resources. Functionalities are parameterised, which allows
them to be adapted to the needs of specific applications.
Functionalities are also hierarchical; that is, functionalities can
contain other functionalities.
Over one hundred applications were analysed, and functionalities and
policies were developed. A number of techniques for automating aspects
of policy specification were also developed. A usability study comparing
FBAC-LSM with SELinux and AppArmor found that the new approach provided
significant benefits including higher levels of user satisfaction and of
successful policy creation. In the near future I will share the results
of the usability study, including suggestions for improving the
usability of SELinux and AppArmor.
Currently I am planning on expanding the FBAC-LSM tools to export to and
manage AppArmor and SEEdit policies.
I am looking for anyone interested in collaborating on the project.
Please contact me. There are a number of problems with the
synchronisation in the LSM code, which I hope someone on one of these
mailinglists can help with.
Programmed in C and C++, using the LSM and Qt frameworks. Policy
abstractions in FBAC-LSM-PL policy language. Licensed GPL.
Check out the FBAC-LSM homepage which has lots more information and videos:
http://schreuders.org/FBAC-LSM
Pull the sourceforge Git repo (which includes the Linux Security Module
(LSM), graphical policy manager, and policies) to your computer with the
command:
git clone git://fbac-lsm.git.sourceforge.net/gitroot/fbac-lsm/fbac-lsm
If you are attending the 2010 linux.conf.au conference, I hope to see
you at my talk in room Renouf 2 at 16:45 on Wednesday 20/01/10:
http://www.lca2010.org.nz/programme/schedule/view_talk/50029?day=wednesday
Thanks,
Z. Cliffe Schreuders
http://schreuders.org
PhD Candidate
Murdoch University
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists