From 375e1e27ae501456fe8d53e07e3cf83ab0286d6e Mon Sep 17 00:00:00 2001 From: Robert Watson Date: Thu, 12 Mar 2009 09:46:36 +0000 Subject: [PATCH] Add three new TrustedBSD-related ideas for GSoC (or otherwise): - New audit parsing API - NT/Linux to BSM conversion tool - Application-specific audit trails All three would be reasonable student projects or for someone with strong C language skills and at least some security background. --- en/projects/ideas/ideas.xml | 136 +++++++++++++++++++++++++++++++++++- 1 file changed, 135 insertions(+), 1 deletion(-) diff --git a/en/projects/ideas/ideas.xml b/en/projects/ideas/ideas.xml index a09aa01c7a..a4ddc6cdb0 100644 --- a/en/projects/ideas/ideas.xml +++ b/en/projects/ideas/ideas.xml @@ -15,7 +15,7 @@ Ideas//EN" - $FreeBSD: www/en/projects/ideas/ideas.xml,v 1.95 2009/03/12 07:12:37 brooks Exp $ + $FreeBSD: www/en/projects/ideas/ideas.xml,v 1.96 2009/03/12 07:30:50 imp Exp $ @@ -1584,6 +1584,140 @@ New tests must be created; existing tests must be completed and updated. + + A New Audit Parsing API + + +

Technical contact: Robert Watson, TrustedBSD audit + mailing list

+ +

The current OpenBSM audit parsing API has a number of limitations, + not least that it can't handle little endian BSM records that may + come from Solaris x86 systems, in terms of ABI robustness in the + presence of new record types, ability to process trails generated + non-locally in terms of supporting uid/gid->name translation, and + in terms of incrementally processing a byte stream from, for + example, socket sources without using the C FILE API.

+ +

This task would consider existing audit parsing APIs in the + industry, including POSIX.1e, relevant Open Group specs, and in-use + APIs on other systems such as Solaris, Linux, Windows NT, and + others, in order to first identify an existing candidate API or + design a new candidate API, then implement the API and adapt + existing audit applications to use it. The task would also + document the API using man pages, create an audit parsing tutorial + document, create a test suites, and require interaction with the + OpenBSM and FreeBSD communities to identify audit parsing + requirements.

+ +

If successful, the results of this work would be integrated into + OpenBSM, the open source BSD-licensed audit framework shipped with + FreeBSD and Mac OS X.

+ +

Requirements:

+
    +
  • Strong C programming skills.
  • +
  • Past coursework or reading in the area of computer security.
  • +
+
+
+ + + NT/Linux to BSM Conversion Tool + + +

Technical contact: Robert Watson, TrustedBSD audit + mailing list

+ +

The BSM (Basic Security Framework) audit trail format is the de + facto industry standard for portable operating system audit trails, + being supported on Solaris, FreeBSD, and Mac OS X. However, many + other audit trail formats exist that are less portable, including + audit trail formats local to Windows NT and Linux.

+ +

This task would create BSD-licensed conversion tools to import + audit trails from other systems and convert them to BSM format so + that they can be inspected and managed using the OpenBSM tool set. + This would require the creation of BSD-licensed parsers for audit + trail formats of interest, designing and documenting a semantic + mapping to the BSM trail format, and writing conversion utilities + using the new parsers, semantic mapping, and BSM generation + routines in OpenBSM. A key part of this work would be to + rigorously understand and document the mapping and its limitations + (for example, perhaps some Windows NT concepts can't be represented + in BSM in a natural way, such as larger SID than UID fields, which + is important information for anyone using BSM trails from NT + systems). A test suite is also required.

+ +

If successful, the results of this work would be integrated into + OpenBSM, the open source BSD-licensed audit framework shipped with + FreeBSD and Mac OS X.

+ +

Requirements:

+
    +
  • Strong C programming skills.
  • +
  • Past coursework or reading in the area of computer security.
  • +
+
+
+ + + Application-Specific Audit Trails + + +

Technical contact: Robert Watson, TrustedBSD audit + mailing list

+ +

Currently, FreeBSD's audit trail support is a system-level + facility, intended to track system-level security events. However, + as the affordability of computers has gone up, they are + increasingly single-application systems, and applications are + increasingly playing a role in the Trusted Code Base (TCB) of + larger integrated computing systems. As such, it is desirable to + support reliable and secure auditing of application events that do + not correspond to the traditional TCB components, such as events + from databases, web servers, or virtual machines. However, these + events need to be handled separately, as they have quite different + security and selection requirements.

+ +

This task would extend the FreeBSD kernel's audit framework to + allow multiple concurrent audit trails to be maintained, reflecting + different "slices" of the system. The base slice would be the + existing system audit trail, submitted to by the kernel itself, as + well as using the audit(2) system call, and stored in /var/audit. + New slices would be represented by named special devices in /dev, + with ownership and permissions reflecting their desired application + security properties; each slice would have its own audit worker and + queue, with its own pipe reliability properties and target trail + files. This would require extending OpenBSM's auditd and libbsm to + support multiple trails as well. Finally, two or more sample + applications would be modified to submit application-level + auditing, such as the authentication routines in Apache and + PostgreSQL. This design would have several interesting properties, + not least that audit trails submitted by applications would be + protected from application tampering after submission, as the + kernel would mediate access using the TCB. Analysis of potential + designs, security issues, documentation, and a test suite are + required.

+ +

If successful, the results of this work would be integrated into + the FreeBSD kernel and OpenBSM.

+ +

Requirements

+
    +
  • Strong C programming skills.
  • +
  • Past coursework or reading in the area of computer security.
  • +
  • Past coursework in the area of operating system kernels.
  • +
+
+
+
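Review bot: The acronym expansion in the "NT/Linux to BSM Conversion Tool" paragraph is wrong: BSM is the Basic Security Module, not the "Basic Security Framework", so the sentence should read "The BSM (Basic Security Module) audit trail format is the de facto industry standard ...". Two more wording fixes in the same hunk: the "A New Audit Parsing API" paragraph says "create a test suites" (should be "create a test suite"), and the "Application-Specific Audit Trails" paragraph expands TCB as "Trusted Code Base", which should be "Trusted Computing Base" to match the standard term and the later "mediate access using the TCB". For consistency, the third idea's "Requirements" heading is missing the trailing colon that the first two ideas use. On substance, the tamper-resistance claim in the third idea ("protected from application tampering after submission") holds only for records already written; it would be worth stating that the kernel attaches the submitting process's credentials (audit ID, PID, effective uid/gid) to each record rather than trusting application-supplied subject tokens, since a compromised Apache or PostgreSQL process writing to its slice device could otherwise forge the subject of its own records.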