Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security IOS OS X Open Source Operating Systems Software Technology

DARPA Open Source Security Helped FreeBSD, Junos, Mac OS X, iOS 22

An anonymous reader writes "In a February 2013 ACM Queue / Communications of the ACM article, A decade of OS access-control extensibility, Robert Watson at the University of Cambridge credits 2000s-era DARPA security research, distributed via FreeBSD, for the success of sandboxing in desktop, mobile, and embedded systems such as Mac OS X, iOS, and Juniper's Junos router OS. His blog post about the article argues that OS security extensibility is just as important as more traditional file system (VFS) and device driver extensibility features in kernels — especially in embedded environments where UNIX multi-user security makes little sense, and where tradeoffs between performance, power use, functionality, and security are very different. This seems to fly in the face of NSA's recent argument argument that one-size-fits-all SELinux-style Type Enforcement is the solution for Android security problems. He also suggests that military and academic security researchers overlooked the importance of app-store style security models, in which signed application identity is just as important as 'end users' in access control."
This discussion has been archived. No new comments can be posted.

DARPA Open Source Security Helped FreeBSD, Junos, Mac OS X, iOS

Comments Filter:
  • This is a nice and relevant example to /., but aren't there plenty of other examples where DARPA has ultimately benefited people other than the military? Like say.. the ARPAnet lead to the Internet, or mainframes to cloud computing, or virtual reality to video games, or onion routing to TOR. I know there are plenty of smarter /.ers who can think of a bazillion more examples.

    • by um... Lucas ( 13147 ) on Wednesday January 30, 2013 @11:25PM (#42747061) Journal

      Yes. The list is too long to even bother to post. But I'd wager most of what we take for granted, generally and technologically specifically, has its roots in public spending. If it wasn't publicly funded research projects that brought the technology to a state usable by private enterprise, or public money creating a market and demand for products that no one else could afford, our world would be vastly different today, and lacking in a lot. This is why I shudder at people who say that our government spending is the problem. Couldn't be further from the truth.

  • The model had to be driven by someone, in this case DARPA or other contributors pushed ahead to validate it.

    Then more importantly, opening it up for adoption as much in science gets built upon.

    Right now our economy would be even better if more were declassified, made open as possible, read NASA in its ideal and spun out to create more jobs/technologies/societal benefits.

    If only the US would also advertise this as a contribution it makes all the time in the world to some less open societies, we would really

    • Actually, following DARPA's decision to yank support of the POSSE project [wikipedia.org] allegedly due to comments of Theo de Raadt, it had been theorized that DARPA subsequently took a dim view of not just OBSD but other BSD projects, not related to Theo, such as FBSD. So given that, the headline of this story is somewhat surprising.

      It however does explain why DARPA developed SELinux, as well as making their security features more based on Linux than the BSDs

  • So the wars have been worth it after all!
  • by unrtst ( 777550 ) on Wednesday January 30, 2013 @06:08PM (#42744003)

    SELinux and "UNIX multi-user security" are not referring to the same thing. This doesn't "fly in the face" of anything. I'm 99.9% sure "Unix multi-user security" is referring to user/group/world permission bits per file/directory. That doesn't help all that much in the realm of embedded systems, as they said. SELinux is an entirely different beast, and achieves many of the same results as signed executables and sandboxing, and some more (and vice-versa).

    Interesting links, but an awful summary.

    • Re: (Score:1, Interesting)

      by Anonymous Coward

      Except that the essentially randomized configurations of SELinux are so complex that no one, and i mean *no one*, uses it in production. Out of roughly 30,000 Linux systems I've helped deploy, it's been left active in "Strict" mode in about 3, and those had to turn it off pretty quickly as projects found it hampered actual work.

  • "To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security [acm.org] .. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to security localization"

    To mention Unix and Windows NT security in the one sentence, just begs credulity ...

    "Windows NT [wikipedia.org] and its successors .. were not initially designed with Internet security in mind"
    • Re: (Score:3, Interesting)

      "To discuss operating system security is to marvel at the diversity of deployed access-control models: Unix and Windows NT multiuser security [acm.org] .. This diversity is the result of a stunning transition from the narrow 1990s Unix and NT status quo to security localization"

      To mention Unix and Windows NT security in the one sentence, just begs credulity ...

      "Windows NT [wikipedia.org] and its successors .. were not initially designed with Internet security in mind"

      I think you're confusing Windows NT the operating system (NT3, NT4, 2000, XP, etc.) with NT the kernel and security model, which was designed to be POSIX compliant, which implies lining up with "unix multi-user security" and is also done in such a way as to be tweakable to mimic many of the SELinux advancements. The OS I could do without; the security model as originally baked in (and then ignored in preference of interoperability with DOS/9x -- but it's still there) is actually pretty network-savvy. It's

      • You get a nod, for seeming to know your stuff. I think you may actually be right, in some alternate reality.

        The problem is, in this reality, only the unix-likes have ever been released with a functioning security model. The security on my computers, as installed and scripted by default, is time tested, and has been improved with time. The Windows security model mostly just sits in the backroom, next to an open door (or window) and collects fungus. Almost no one actually brings it out into the workspace,

  • All Linux distributions already use signed packages.
    The only difference is that the kernel doesn't enforce that all programs are signed, it's simply the application installing them that checks it.

In the long run, every program becomes rococco, and then rubble. -- Alan Perlis

Working...