Message-ID: <4B22032F.906@ii.net>
Date:	Fri, 11 Dec 2009 16:30:39 +0800
From:	Cliffe <cliffe@...net>
To:	apparmor-dev@...ge.novell.com, selinux@...ho.nsa.gov,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	fbac-lsm-general@...ts.sourceforge.net
Subject: New security system FBAC-LSM announcement and call for collaborators

In preparation for my LCA talk “A New Paradigm for Restricting 
Applications and Protecting Yourself from Your Processes”, today I have 
released the code for FBAC-LSM. This initial development version of 
FBAC-LSM is functional, but is unstable and slow. It is developed 
against an older version of the LSM interface (using the AppArmor 
path-based hooks), and will be updated to work with the new interface in 
the future. There is quite a bit of work to be done before it is ready 
for production systems or formal code review.

I developed FBAC-LSM for my PhD research. FBAC-LSM restricts programs 
based on the features each application provides. Reusable policy 
abstractions, known as functionalities, can be used to grant the 
authority to perform high level features (for example using the 
Web_Browser functionality) or lower level features (such as using the 
HTTP_Client functionality) or to grant privileges to access any 
specified resources. Functionalities are parameterised, which allows 
them to be adapted to the needs of specific applications. 
Functionalities are also hierarchical; that is, functionalities can 
contain other functionalities.

Over one hundred applications were analysed, and functionalities and 
policies were developed. A number of techniques for automating aspects 
of policy specification were also developed. A usability study comparing 
FBAC-LSM with SELinux and AppArmor found that the new approach provided 
significant benefits including higher levels of user satisfaction and of 
successful policy creation. In the near future I will share the results 
of the usability study, including suggestions for improving the 
usability of SELinux and AppArmor.

Currently I am planning on expanding the FBAC-LSM tools to export to and 
manage AppArmor and SEEdit policies.

I am looking for anyone interested in collaborating on the project. 
Please contact me. There are a number of problems with the 
synchronisation in the LSM code, which I hope someone on one of these 
mailing lists can help with.

Programmed in C and C++, using the LSM and Qt frameworks. Policy 
abstractions in FBAC-LSM-PL policy language. Licensed GPL.

Check out the FBAC-LSM homepage which has lots more information and videos:
http://schreuders.org/FBAC-LSM

Pull the sourceforge Git repo (which includes the Linux Security Module 
(LSM), graphical policy manager, and policies) to your computer with the 
command:
git clone git://fbac-lsm.git.sourceforge.net/gitroot/fbac-lsm/fbac-lsm

If you are attending the 2010 linux.conf.au conference, I hope to see 
you at my talk in room Renouf 2 at 16:45 on Wednesday 20/01/10:
http://www.lca2010.org.nz/programme/schedule/view_talk/50029?day=wednesday

Thanks,

Z. Cliffe Schreuders
http://schreuders.org
PhD Candidate
Murdoch University

