Add three new TrustedBSD-related ideas for GSoC (or otherwise):

- New audit parsing API
- NT/Linux to BSM conversion tool
- Application-specific audit trails

All three would be reasonable student projects or someone with strong C
language skills and at least some security background.
Robert Watson 2009-03-12 09:46:36 +00:00
parent 6eb956537b
commit 375e1e27ae
Notes: svn2git 2020-12-08 03:00:23 +00:00
svn path=/www/; revision=33920

@ -15,7 +15,7 @@ Ideas//EN"
<ideas>
<cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
<cvs:keyword name="freebsd">
$FreeBSD: www/en/projects/ideas/ideas.xml,v 1.95 2009/03/12 07:12:37 brooks Exp $
$FreeBSD: www/en/projects/ideas/ideas.xml,v 1.96 2009/03/12 07:30:50 imp Exp $
</cvs:keyword>
</cvs:keywords>
@ -1584,6 +1584,140 @@ New tests must be created; existing tests must be completed and updated.
</desc>
</idea>
<idea id="auditparse" class="soc">
<title>A New Audit Parsing API</title>
<desc>
<p><strong>Technical contact</strong>: <a
href="mailto:rwatson@FreeBSD.org">Robert Watson</a>, <a
href="mailto:trustedbsd-audit@TrustedBSD.org">TrustedBSD audit
mailing list</a></p>
<p>The current OpenBSM audit parsing API has a number of limitations,
not least that it can't handle little endian BSM records that may
come from Solaris x86 systems, in terms of ABI robustness in the
presence of new record types, ability to process trails generated
non-locally in terms of supporting uid/gid->name translation, and
in terms of incrementally processing a byte stream from, for
example, socket sources without using the C FILE API.</p>
<p>This task would consider existing audit parsing APIs in the
industry, including POSIX.1e, relevant Open Group specs, and in-use
APIs on other systems such as Solaris, Linux, Windows NT, and
others, in order to first identify an existing candidate API or
design a new candidate API, then implement the API and adapt
existing audit applications to use it. The task would also
document the API using man pages, create an audit parsing tutorial
document, create a test suites, and require interaction with the
OpenBSM and FreeBSD communities to identify audit parsing
requirements.</p>
<p>If successful, the results of this work would be integrated into
OpenBSM, the open source BSD-licensed audit framework shipped with
FreeBSD and Mac OS X.</p>
<p><strong>Requirements</strong>:</p>
<ul>
<li>Strong C programming skills.</li>
<li>Past coursework or reading in the area of computer security.</li>
</ul>
</desc>
</idea>
<idea id="bsmconvert" class="soc">
<title>NT/Linux to BSM Conversion Tool</title>
<desc>
<p><strong>Technical contact</strong>: <a
href="mailto:rwatson@FreeBSD.org">Robert Watson</a>, <a
href="mailto:trustedbsd-audit@TrustedBSD.org">TrustedBSD audit
mailing list</a></p>
<p>The BSM (Basic Security Framework) audit trail format is the de
facto industry standard for portable operating system audit trails,
being supported on Solaris, FreeBSD, and Mac OS X. However, many
other audit trail formats exist that are less portable, including
audit trail formats local to Windows NT and Linux.</p>
<p>This task would create BSD-licensed conversion tools to import
audit trails from other systems and convert them to BSM format so
that they can be inspected and managed using the OpenBSM tool set.
This would require the creation of BSD-licensed parsers for audit
trail formats of interest, designing and documenting a semantic
mapping to the BSM trail format, and writing conversion utilities
using the new parsers, semantic mapping, and BSM generation
routines in OpenBSM. A key part of this work would be to
rigorously understand and document the mapping and its limitations
(for example, perhaps some Windows NT concepts can't be represented
in BSM in a natural way, such as larger SID than UID fields, which
is important information for anyone using BSM trails from NT
systems). A test suite is also required.</p>
<p>If successful, the results of this work would be integrated into
OpenBSM, the open source BSD-licensed audit framework shipped with
FreeBSD and Mac OS X.</p>
<p><strong>Requirements</strong>:</p>
<ul>
<li>Strong C programming skills.</li>
<li>Past coursework or reading in the area of computer security.</li>
</ul>
</desc>
</idea>
<idea id="appaudit" class="soc">
<title>Application-Specific Audit Trails</title>
<desc>
<p><strong>Technical contact</strong>: <a
href="mailto:rwatson@FreeBSD.org">Robert Watson</a>, <a
href="mailto:trustedbsd-audit@TrustedBSD.org">TrustedBSD audit
mailing list</a></p>
<p>Currently, FreeBSD's audit trail support is a system-level
facility, intended to track system-level security events. However,
as the affordability of computers has gone up, they are
increasingly single-application systems, and applications are
increasingly playing a role in the Trusted Code Base (TCB) of
larger integrated computing systems. As such, it is desirable to
support reliable and secure auditing of application events that do
not correspond to the traditional TCB components, such as events
from databases, web servers, or virtual machines. However, these
events need to be handled separately, as they have quite different
security and selection requirements.</p>
<p>This task would extend the FreeBSD kernel's audit framework to
allow multiple concurrent audit trails to be maintained, reflecting
different "slices" of the system. The base slice would be the
existing system audit trail, submitted to by the kernel itself, as
well as using the audit(2) system call, and stored in /var/audit.
New slices would be represented by named special devices in /dev,
with ownership and permissions reflecting their desired application
security properties; each slice would have its own audit worker and
queue, with its own pipe reliability properties and target trail
files. This would require extending OpenBSM's auditd and libbsm to
support multiple trails as well. Finally, two or more sample
applications would be modified to submit application-level
auditing, such as the authentication routines in Apache and
PostgreSQL. This design would have several interesting properties,
not least that audit trails submitted by applications would be
protected from application tampering after submission, as the
kernel would mediate access using the TCB. Analysis of potential
designs, security issues, documentation, and a test suite are
required.</p>
<p>If successful, the results of this work would be integrated into
the FreeBSD kernel and OpenBSM.</p>
<p><strong>Requirements</strong></p>
<ul>
<li>Strong C programming skills.</li>
<li>Past coursework or reading in the area of computer security.</li>
<li>Past coursework in the area of operating system kernels.</li>
</ul>
</desc>
</idea>
</category>
<category>
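
Review bot: In the bsmconvert description, "BSM (Basic Security Framework)" expands the acronym incorrectly; BSM is the Basic Security Module, so the parenthetical should read "Basic Security Module". Likewise, the appaudit text expands TCB as "Trusted Code Base", where the standard term is Trusted Computing Base. Smaller points: the auditparse text says "create a test suites"; its first paragraph chains several limitations together with mismatched "in terms of" clauses and would read more clearly as a list of the four gaps (little-endian records, ABI robustness, non-local uid/gid translation, incremental stream parsing); and the appaudit "Requirements" heading is missing the colon that the other two ideas use.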