DARPA Open Source Security Helped FreeBSD, Junos, Mac OS X, iOS 22
An anonymous reader writes "In a February 2013 ACM Queue / Communications of the ACM article, A decade of OS access-control extensibility, Robert Watson at the University of Cambridge credits 2000s-era DARPA security research, distributed via FreeBSD, for the success of sandboxing in desktop, mobile, and embedded systems such as Mac OS X, iOS, and Juniper's Junos router OS. His blog post about the article argues that OS security extensibility is just as important as more traditional file system (VFS) and device driver extensibility features in kernels — especially in embedded environments where UNIX multi-user security makes little sense, and where tradeoffs between performance, power use, functionality, and security are very different. This seems to fly in the face of NSA's recent argument argument that one-size-fits-all SELinux-style Type Enforcement is the solution for Android security problems. He also suggests that military and academic security researchers overlooked the importance of app-store style security models, in which signed application identity is just as important as 'end users' in access control."
DARPA yeilds advancements in many categories (Score:1)
This is a nice and relevant example to /., but aren't there plenty of other examples where DARPA has ultimately benefited people other than the military? Like say.. the ARPAnet lead to the Internet, or mainframes to cloud computing, or virtual reality to video games, or onion routing to TOR. I know there are plenty of smarter /.ers who can think of a bazillion more examples.
Re:DARPA yeilds advancements in many categories (Score:4, Insightful)
Yes. The list is too long to even bother to post. But I'd wager most of what we take for granted, generally and technologically specifically, has its roots in public spending. If it wasn't publicly funded research projects that brought the technology to a state usable by private enterprise, or public money creating a market and demand for products that no one else could afford, our world would be vastly different today, and lacking in a lot. This is why I shudder at people who say that our government spending is the problem. Couldn't be further from the truth.
NASA/DARPA and making the world better - openness (Score:2)
The model had to be driven by someone, in this case DARPA or other contributors pushed ahead to validate it.
Then more importantly, opening it up for adoption as much in science gets built upon.
Right now our economy would be even better if more were declassified, made open as possible, read NASA in its ideal and spun out to create more jobs/technologies/societal benefits.
If only the US would also advertise this as a contribution it makes all the time in the world to some less open societies, we would really
Re: (Score:2)
Actually, following DARPA's decision to yank support of the POSSE project [wikipedia.org] allegedly due to comments of Theo de Raadt, it had been theorized that DARPA subsequently took a dim view of not just OBSD but other BSD projects, not related to Theo, such as FBSD. So given that, the headline of this story is somewhat surprising.
It however does explain why DARPA developed SELinux, as well as making their security features more based on Linux than the BSDs
Excellent. (Score:1)
SELinux != UNIX multi-user security (Score:3)
SELinux and "UNIX multi-user security" are not referring to the same thing. This doesn't "fly in the face" of anything. I'm 99.9% sure "Unix multi-user security" is referring to user/group/world permission bits per file/directory. That doesn't help all that much in the realm of embedded systems, as they said. SELinux is an entirely different beast, and achieves many of the same results as signed executables and sandboxing, and some more (and vice-versa).
Interesting links, but an awful summary.
Re: (Score:1, Interesting)
Except that the essentially randomized configurations of SELinux are so complex that no one, and i mean *no one*, uses it in production. Out of roughly 30,000 Linux systems I've helped deploy, it's been left active in "Strict" mode in about 3, and those had to turn it off pretty quickly as projects found it hampered actual work.
Unix WIndows NT security? (Score:2)
To mention Unix and Windows NT security in the one sentence, just begs credulity
"Windows NT [wikipedia.org] and its successors
Re: (Score:3, Interesting)
"To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security [acm.org] .. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to security localization"
To mention Unix and Windows NT security in the one sentence, just begs credulity ...
"Windows NT [wikipedia.org] and its successors .. were not initially designed with Internet security in mind"
I think you're confusing Windows NT the operating system (NT3, NT4, 2000, XP, etc.) with NT the kernel and security model, which was designed to be POSIX compliant, which implies lining up with "unix multi-user security" and is also done in such a way as to be tweakable to mimic many of the SELinux advancements. The OS I could do without; the security model as originally baked in (and then ignored in preference of interoperability with DOS/9x -- but it's still there) is actually pretty network-savvy. It's
Re: (Score:2)
You get a nod, for seeming to know your stuff. I think you may actually be right, in some alternate reality.
The problem is, in this reality, only the unix-likes have ever been released with a functioning security model. The security on my computers, as installed and scripted by default, is time tested, and has been improved with time. The Windows security model mostly just sits in the backroom, next to an open door (or window) and collects fungus. Almost no one actually brings it out into the workspace,
Packages signed in all Linux distributions (Score:1)
All Linux distributions already use signed packages.
The only difference is that the kernel doesn't enforce that all programs are signed, it's simply the application installing them that checks it.
Re: (Score:2)
Not really. It's great for tyrants though.
Re: (Score:2)
Enforcing signatures on all programs, including configuration and data files the binary shipped with, is harder but far more valuable.
Let's assume for a moment that this is true. Is it also valuable to restrict the owner of a computer from being able to add the public key of an additional signer? If so, how?
Re: (Score:2)
DARPA Open Source Security Helped FreeBSD, Junos, Mac OS X, iOS
Enforcing signatures on all programs [...] is [...] far more valuable [than on the installer alone].
Is it also valuable to restrict the owner of a computer from being able to add the public key of an additional signer?
Why are you making such a contrived example that obviously biases away from any form of private security?
Because Apple and the major video game console makers are known to base their business model on "restrict[ing] the owner of a computer from being able to add the public key of an additional signer".
It's my damned computer. I, myself, make the security choices.
Not if your computer is an iPod touch, iPhone, or iPad, as per the headline's mention of iOS. Owners of those devices are required to put their faith in Apple.
Re: (Score:3)
It's not much more valuable. The line between code and data is often quite blurry. For example, a lot of browser exploits have been due to vulnerabilities in libpng or libjpeg, where a malformed image caused some part of the input image to be treated as code. Even if you signed the entire binary, all of its libraries, and all of its config files, you aren't guaranteeing that the code is bug free. It protects you against a specific kind of adversary: one trying to persuade you to install a trojan by pret