SPARTA ISSO

CBOSS: Kernel Security Extensibility Framework

This initiative will develop Poligraph, a modular kernel extensibility framework for the FreeBSD operating system. Poligraph will allow the introduction of new access control models into the operating system by providing a consistent and well-defined mechanism for imposing new policy, as well as composing the results of various active policy mechanisms.

This research recognizes a number of problems in integrating new security models into an operating system:

  • the difficulty and cost of identifying the necessary mediation points for new security models,
  • the difficulty associated with integrating new security models into any existing security models, or in the event that multiple models are introduced, predicting their composite behavior,
  • the difficulties associated with developers of non-security features understanding and appropriately implementing the semantics of an access control model, and
  • the desire to reduce the cost of maintenance for new security models by reducing the degree to which the authors of security models must rely on extensive patch sets against a moving source target.

In this research, we will survey a variety of access control models, including those developed on FreeBSD as part of the TrustedBSD Project [WAT00], to determine their requirements and interactions. This will permit the construction of an extensibility framework capable of supporting these security features in a modular manner, by abstracting the current access control checks and providing a module management mechanism, as well as policy composition and label management.

This task includes a number of goals, including documentation of the existing security architecture, documentation and exploration of the new TrustedBSD models, design and analysis of existing extensibility frameworks, such as the Flask [LOS00, SMA00] and RSBAC [OTT97] models, and the design and implementation of a new pluggability framework based on these results. In addition, modules will be developed providing access to the existing FreeBSD and TrustedBSD security models, as well as demonstrating the improved facility for new security model development. The implementation will take place in two phases, first addressing the compile-time extensibility issue, and later, run-time extensibility.

Poligraph attempts to address a number of technical challenges, including the management of relationships between security modules: composing the resulting access control decisions, which may conflict between models, and handling dependencies between models with regard to subject and object labeling. Poligraph will provide a well-defined interface for invoking access control checks, modeled on VFS, Netgraph, and other semantically strong extensibility models, rather than simply a set of software hooks. This will facilitate integration into a fine-grained SMP system and allow a variety of modules to be used concurrently while maintaining a well-defined composition model.
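As an added illustration of the compile-time composition problem described above (this is not Poligraph or TrustedBSD code), the following C sketch registers three hypothetical policy modules behind a single mediation point and composes their verdicts. The composition rule, the policy semantics and the label layout are all assumptions chosen for the example.

```c
/* Constructed example: a minimal compile-time policy framework.
 * Each module exposes one check function; consumers never call a module
 * directly, only framework_check(), the single mediation point. */
#include <stddef.h>

enum verdict { ABSTAIN = 0, ALLOW = 1, DENY = 2 };
enum op { OP_READ = 1, OP_WRITE = 2 };

/* Assumed label layout: an integrity level plus an identity on each side. */
struct subject { unsigned level; unsigned uid; };
struct object  { unsigned level; unsigned owner; };

typedef enum verdict (*check_fn)(const struct subject *, const struct object *, enum op);
struct policy { const char *name; check_fn check; };

/* Hypothetical Biba-style integrity module: no write up, no read down. */
static enum verdict biba_check(const struct subject *s, const struct object *o, enum op op)
{
    if (op == OP_WRITE && s->level < o->level) return DENY;
    if (op == OP_READ  && s->level > o->level) return DENY;
    return ALLOW;
}

/* Hypothetical discretionary module: owner may do anything, others may only read. */
static enum verdict dac_check(const struct subject *s, const struct object *o, enum op op)
{
    if (s->uid == o->owner) return ALLOW;
    return op == OP_READ ? ALLOW : DENY;
}

/* Hypothetical audit module: observes every check but takes no decision. */
static enum verdict audit_check(const struct subject *s, const struct object *o, enum op op)
{
    (void)s; (void)o; (void)op;
    return ABSTAIN;
}

/* Modules compiled into the framework; run-time registration is out of scope here. */
static const struct policy policies[] = {
    { "biba", biba_check }, { "dac", dac_check }, { "audit", audit_check },
};
#define NPOLICIES (sizeof policies / sizeof policies[0])

/* Assumed restrictive composition: any DENY wins; otherwise the operation is
 * permitted only if at least one module explicitly allowed it (all-abstain fails closed). */
int framework_check(const struct subject *s, const struct object *o, enum op op)
{
    int allowed = 0;
    for (size_t i = 0; i < NPOLICIES; i++) {
        enum verdict v = policies[i].check(s, o, op);
        if (v == DENY) return 0;
        if (v == ALLOW) allowed = 1;
    }
    return allowed;
}
```

With this rule the integrity module can veto a read the DAC module would permit, and the DAC module can veto a write the integrity module would permit, which is exactly the kind of cross-model conflict the framework must resolve deterministically.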
