Re:Source is free, but NSA evaluation process ISNT (on "TrustedBSD Announced", Score: 1)
Oh.
I really feel stupid now. I thought those folks were attempting to promote open source to government agencies as an alternative to commercial solutions...
Now if you are talking about the main effort of this is to bring BLS to desktop systems that your average Joe runs because that would be 1337, then I rest my case here.
Mmmm.
Yours, --Albert
Source is free, but NSA evaluation process IS NOT! (on "TrustedBSD Announced", Score: 2)
I am not sure about you guys, but I begin to notice a pattern developing here. So every now and then, you would see somebody coming up with a not-so-new idea. The content of that is not important, as long as it runs on linux/bsd, and most importantly it is open sourced.
Yes. The source is free, but the NSA evaluation process IS NOT!
I remain skeptical about this one (and other open-sourced BLS projects we came across previously). I mean, where are they going to get the funding and needed financial support? NSA is, obviously, not going to entertain a bunch of coders with "opensource" bandanas wrapped around their foreheads; on the other hand, if the OS has not formally passed the BLS evaluation (which is going to cost an arm and a leg), they couldn't even use the term BLS (B Level Security) OS.
I remember when Hewlett Packard rolled out its BLS HP-UX 10.24 a couple of years ago (based on the earlier versions HP-UX BLS 8.04/9.09, which were B1 at that point I believe), the marketing folks claimed that 10.24 achieved the B2 evaluation standards with MAC/DAC enforcement on the system and network level as well as secure windowing systems. Those secure dtterms got this funky colour frame on them showing you which system compartment you are in, etc. It's pretty neat.
HOWEVER, the marketing folks also added that the B2 evaluation process could take them several years and LOTS AND LOTS of $$, so they ended up selling HP-UX BLS 10.24 as a B1 system, aka. Virtual Vault.
This is going to be a long journey, but I am still optimistic about it. What do you think?
I have not carefully studied Argus' BLS design and implementation, but I *seriously* doubt that their so-called BLS system was officially endorsed by the DoD. The certification process is loooooooong, and is extremely costly $$$.
Yours, --Albert
Building Linux to meet C2/C1/B2/B1 standard... (on "Auditing for Linux?", Score: 1)
Guess I come a little late, but I spent some time reading through the whole thread, and was wondering if anybody has ever read the "Security Requirements for System High and Compartmented Mode Workstations" criteria (DDS 2600-5502-91)? This is the criteria on which SecureWare's original (yes I mean it) CMW product was built. A must for those who are looking to actually design and/or implement a trusted system based on Linux that would meet the Orange Book's criteria.
I don't think SecureWare exists anymore. I think they changed their name to SecureFirst and are in the online banking e-commerce business right now. I used to work at Hewlett Packard and participated in some of the HP-UX BLS/CMW development projects (the not-so-well-known 9.09, 10.06, 10.24 releases). I think it's currently marketed as some big e-biz bundle called Virtual Vault, but that was the older days... Anyway, if there is such a BLS project for Linux, I'd be interested to join. Any links/URLs, please?
BTW, you do not build a Linux B1/B2/C1/C2 system, you build a B1/B2/C1/C2 system based on Linux. A lot of the B1/B2/C1/C2 criteria defeat the original Unix implementation concepts. The higher up you go, the less Unix feel you're going to get. Like, hey, I thought root is meant to be the god, but why'd I get an 'rm -rf /: permission denied'? You get the idea....
A little off-topic tidbit, but it is nice to know that one of the very first CMW B1 boxes was built on a (drum roll) . . . . . . . . . . . . . . . . . . . Apple Macintosh! Yeah, no sh!t.
This kinda reminds me of the days when people (poor college students?) brought their Zip drives and disks to Kinkos and downloaded warez from the Macs and PCs. Guess those pimple-faced fellows behind the counter were not paid enough to care.
Man, I don't know about you all, but after the 9-11 and now 11-12, I think I got a pretty damn strong reason for reporting to work late in the mornings... Traffic jams don't work now, try terrorist attacks. :-)
I did some searching on Google and found this interesting URL on network storage:
URL http://www.cs.duke.edu/ari/publications/publications.html
Funny that FreeBSD (not NetBSD, however) is mentioned in one of the articles listed.
I haven't paid much attention to NetBSD kernel development (especially the NFS part) recently. As far as I know, quite a lot of effort on "zero copy" has gone into the NetBSD kernel in order to beef up NFS send/receive performance with NICs.
If I understand correctly, a main bottleneck in the NetBSD kernel is memory copying from the user space to the kernel space.
Under regular circumstances, network I/O buffers are copied from user processes to the kernel on the send side, and from the kernel to user processes on the receiving side.
By implementing this "zero copy" method, the above copying process is eliminated and a gain in the system performance as well as network performance should be seen.
What I am interested to know is how mature this "zero copy" and the overall NetBSD kernel (particularly NFS and the NIC component) are at handling great amounts of TCP network I/O.
Anyone care to enlighten?
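As an added example, not code from Albert's post or from the NetBSD kernel, here are the two send paths his description contrasts, written against the Linux user-space API: copy_path() does the traditional read()-into-a-user-buffer-then-write()-to-the-socket loop, so every byte crosses the user/kernel boundary twice, while zero_copy_path() hands the open file to the kernel with sendfile(2) so the data goes from the page cache to the socket without a user-space bounce. Assumptions: Linux (sys/sendfile.h), an AF_UNIX socketpair standing in for a real network socket, and a small constructed payload so the socket buffer never fills before the peer reads; the function names are invented for this illustration.

```c
/* Added example: copy-based vs. zero-copy send of a file over a socket.
 * Linux-specific because of sendfile(2). Not part of the original post. */
#include <sys/sendfile.h>
#include <sys/socket.h>
#include <unistd.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Write constructed data into an unlinked temp file and return its fd. */
static int make_temp_file(const char *data, size_t len) {
    char path[] = "/tmp/zc-XXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    unlink(path);                              /* file lives only as long as fd */
    if (write(fd, data, len) != (ssize_t)len) { close(fd); return -1; }
    return fd;
}

/* Traditional path: kernel -> user buffer -> kernel, one copy each way. */
static ssize_t copy_path(int in_fd, int sock) {
    char buf[4096];
    ssize_t total = 0, n;
    if (lseek(in_fd, 0, SEEK_SET) < 0) return -1;
    while ((n = read(in_fd, buf, sizeof buf)) > 0) {      /* kernel -> user */
        if (write(sock, buf, (size_t)n) != n) return -1;  /* user -> kernel */
        total += n;
    }
    return n < 0 ? -1 : total;
}

/* Zero-copy path: the kernel moves page-cache data straight to the socket;
 * the process never holds the bytes. */
static ssize_t zero_copy_path(int in_fd, int sock, size_t len) {
    off_t off = 0;
    ssize_t total = 0;
    while ((size_t)total < len) {
        ssize_t n = sendfile(sock, in_fd, &off, len - (size_t)total);
        if (n <= 0) return -1;
        total += n;
    }
    return total;
}

/* Drain the peer end and compare with the original; 1 on exact match. */
static int receive_and_check(int sock, const char *expect, size_t len) {
    char *got = malloc(len);
    size_t have = 0;
    if (!got) return 0;
    while (have < len) {
        ssize_t n = read(sock, got + have, len - have);
        if (n <= 0) { free(got); return 0; }
        have += (size_t)n;
    }
    int ok = memcmp(got, expect, len) == 0;
    free(got);
    return ok;
}

/* Run one path end to end over a socketpair. use_sendfile selects the
 * zero-copy path. Returns 1 if the peer received exactly the file contents. */
int demo_send(int use_sendfile) {
    static const char payload[] =                 /* constructed sample data */
        "constructed sample payload for the zero-copy demo: 0123456789\n";
    size_t len = sizeof payload - 1;
    int sv[2];
    int fd = make_temp_file(payload, len);
    if (fd < 0) return 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { close(fd); return 0; }
    ssize_t sent = use_sendfile ? zero_copy_path(fd, sv[0], len)
                                : copy_path(fd, sv[0]);
    int ok = sent == (ssize_t)len && receive_and_check(sv[1], payload, len);
    close(fd); close(sv[0]); close(sv[1]);
    return ok;
}

int main(void) {
    printf("copy path ok: %d\n", demo_send(0));
    printf("zero-copy (sendfile) path ok: %d\n", demo_send(1));
    return 0;
}
```

Both paths deliver identical bytes; the difference is only where the bytes travel, which is exactly what matters for the NIC-bound NFS workload the post asks about. On a real socket the sender would also have to cope with short sendfile() returns under back-pressure, which the loop above already handles.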
I bet somebody would be selling a piece of WTC on eBay soon... We'll see.
Now I got a damn good reason to report to work at 10AM!
The sample code SGI put on their web page is just a microscopic portion of a fully functional military-grade OS product. It will require a complete rewrite of the whole operating system; a re-implementation of system APIs, principles and concepts.
A PATCH JUST CAN'T DO THE JOB.
Let's just focus on a small but important aspect of military-grade systems - PRIVILEGE. We can forget about secure networking, trusted windowing, etc. for now (eventually we will need to address those too).
In a trusted system, each user is held accountable for actions taken by processes bearing their id, even though those actions may be completely beyond their perception. As a consequence, the trusted system must regulate not only user actions, but also the actions of user processes. In Linux (or traditional Unix), all power is vested in the root uid 0. Throughout the kernel of the underlying system there are checks for effective uid 0.
All of these checks are replaced on a trusted system by a check for privilege. Privileges allow the trusted system to control access to system calls based on the requested operation and the invoking user account, which is much more reliable and granular than simply checking identity. No more "if uid != 0 then deny access". Every action which could compromise security is restricted with a named privilege, and a process with the appropriate privileges is allowed to invoke a system call REGARDLESS of uid.
So, on Linux a privileged operation succeeds if the effective uid == 0; on a trusted system the operation succeeds if the process has the appropriate privilege.
So now, you're probably thinking "EEK! r00t d03sn'7 0wn!"
There are other topics such as data labelling, auditing, etc. that I have not mentioned, but are critical to the implementation of a trusted system and secure OS kernel.
If all those could be implemented in the form of a patch, perhaps we should consider Windows 2000 a patch too. :-)
Yours, --Albert
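As an added example, not code from Albert's post or from any trusted OS he mentions, here is a toy model of the distinction he draws: the classic Unix "effective uid == 0" gate beside a trusted-system named-privilege gate, plus the least-privilege bracketing (raise a privilege only around the one operation that needs it, then lower it) that such systems rely on. Every identifier here (cred_t, priv_t, the PRIV_* names, unix_may, trusted_may, priv_raise, priv_lower, bind_reserved_port) is invented for this illustration and does not correspond to a real kernel's API.

```c
/* Added example: uid-based vs. named-privilege access checks.
 * All names are hypothetical; not part of the original post. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t priv_t;
#define PRIV_DAC_WRITE    (1u << 0)  /* bypass discretionary write permission */
#define PRIV_NET_PRIVPORT (1u << 1)  /* bind a reserved (< 1024) port */
#define PRIV_SETUID       (1u << 2)  /* change process identity */

typedef struct {
    unsigned uid;      /* effective uid; kept only to show it is not consulted */
    priv_t permitted;  /* privileges the process is allowed to raise */
    priv_t effective;  /* privileges currently in force */
} cred_t;

/* Traditional Unix kernel check: the only question asked is "are you root?" */
bool unix_may(const cred_t *c, priv_t needed) {
    (void)needed;                    /* which operation it is does not matter */
    return c->uid == 0;
}

/* Trusted-system check: the operation's named privilege must be in the
 * effective set. The uid never enters into it. */
bool trusted_may(const cred_t *c, priv_t needed) {
    return (c->effective & needed) == needed;
}

/* Raise a privilege into the effective set; refused unless it is permitted. */
bool priv_raise(cred_t *c, priv_t p) {
    if ((c->permitted & p) != p)
        return false;
    c->effective |= p;
    return true;
}

void priv_lower(cred_t *c, priv_t p) {
    c->effective &= ~p;
}

/* A privileged operation written the trusted-system way: bracket the work
 * with raise/lower so the privilege is held no longer than needed.
 * Returns 0 on success, -1 (think EPERM) when the caller lacks the privilege. */
int bind_reserved_port(cred_t *c) {
    if (!priv_raise(c, PRIV_NET_PRIVPORT))
        return -1;
    int rc = trusted_may(c, PRIV_NET_PRIVPORT) ? 0 : -1;   /* the "kernel" check */
    /* ... the actual bind(2) would happen here ... */
    priv_lower(c, PRIV_NET_PRIVPORT);
    return rc;
}

int main(void) {
    cred_t root_no_priv = { 0, 0, 0 };               /* uid 0, no privileges */
    cred_t svc = { 1000, PRIV_NET_PRIVPORT, 0 };     /* ordinary uid, one privilege */

    printf("unix:    uid 0 may bind a reserved port: %d\n",
           unix_may(&root_no_priv, PRIV_NET_PRIVPORT));
    printf("trusted: uid 0 without the privilege may bind: %d\n",
           bind_reserved_port(&root_no_priv) == 0);
    printf("trusted: uid 1000 holding PRIV_NET_PRIVPORT may bind: %d\n",
           bind_reserved_port(&svc) == 0);
    printf("privilege lowered again after the call: %d\n", svc.effective == 0);
    return 0;
}
```

The point to take from it: under the uid model, compromising any uid-0 process yields every power at once, while under the privilege model a process carries only the named privileges in its permitted set, and even those are in force only inside the bracket. That is what makes "root doesn't own" true on such systems.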