Robert Watson has posted a number of status updates relating to various pieces of work going on in the TrustedBSD Project, and in particular, relating to integration of recent changes into the FreeBSD CVS tree for inclusion in the upcoming 6.0 release. This includes a information on verified execution, the MAC Framework, the SEBSD port of NSA’s FLASK/TE to FreeBSD, and the new security event audit framework in FreeBSD 6.0.
TrustedBSD Status Report
2005-06-03 FreeBSD 4 Comments
Glad to read that those TrustedBSD goodies will find their way into FreeBSD 6.x
It’s also nice that Apple is contributing back some code under the BSD license – Watson and the TrustedBSD team are basing some of their extensions on it.
.. with SELinux, and TrustedBSD there are lots of choices of security technology, but it makes me wonder though, with all of these finer-grained privilege models, isn’t that one of the problems with windows security, its over complicated and often not used correctly?
Fedora Core 3 and Red Hat Enterprise Linux has shipped with SELinux targeted policy by default. It hasnt been over complicated since the policy tends to work without tweaks for everyone. However more usability in the area of policy writing and ability to modify the binary policy itself would be a good thing. Work is being done on it. Some of this you can see on the next release of Fedora (FC4)
While I agree user testing should be an integral part of determining if a security methodology can be understood well enough to be implemented and utilized properly, I do not think the priviledge model of Microsoft Windows is inherently complicated. A fundamental level of knowledge is necessary to administer a computer system, and security implementations must take into account the variability of knowledge and experience of the users of that technology. The presentation to the user should be as simple as possible and no simpler. Flask is more thorough than either Windows or *nix, being more complicated is a side-effect of that completeness.
Security flaws in Windows are at a more fundamental level, as they are also with other OS’s on a untagged architecture with an executable stack. As I’ve said the security implmentation must take user interaction into account, there is a definite division between user-level and implementation level. The question is ‘If the administrator follows all procedures properly is the system secure?’ Until that can be answered positively, the ultimate refinement of user-level protocol will never guarantee system security.