CBOSS: Transfer of Existing Security Knowledge
This initiative will generate a practical Security Architecture and security-enhanced man pages for the FreeBSD operating system.
The FreeBSD Project benefits from extensive architectural documentation describing almost all major components of the operating system, but one important area not thoroughly documented is the system-wide security architecture. This absence leaves developers without a clear picture of requirements and implementation issues relating to security in the FreeBSD system. It has led to the introduction of security policy inconsistencies and has left no clear framework to work within when developing new security features. The lack of clarity has left new features introduced in the system inconsistent with some current features; for example, the mandatory "jail" security model does not take into account all possible mediation points for System V IPC objects.
- Practical Security Architecture Document
This initiative will develop a practical Security Architecture Document for FreeBSD developers. Our objective with the Security Architecture Document is to provide clear and detailed documentation of the system security architecture, and to establish a reasonable means to keep this information updated as the system evolves. This work will focus on providing practical nuts-and-bolts security information to programmers.
- Security-Enhanced man Pages
The existing FreeBSD developer's documentation, in the form of man pages, is fairly comprehensive, providing descriptions of all major utility, library, system call, and kernel interfaces. However, the man pages are far less comprehensive in the area of security, both with regard to a system-wide security architecture and with regard to more specific security-relevant details for individual services and interfaces.
To address this problem, system man pages must be updated to reflect the security architecture and to provide more complete documentation of available security services, frequent security pitfalls (such as incorrect temporary file and string handling), secure coding techniques, and advice on reasonable code security review processes.
A key objective of this work is to make security information extremely convenient for programmers to obtain, thus reducing the security workload when developing or maintaining software.
contact isso@SPARTA.com
