The POSSE Project
Posse: a group of people summoned by a sheriff to aid in law enforcement.
Goals
Engineering a critical information infrastructure requires trustworthy software
components. Such components have proven challenging to implement: the work
involved requires a detailed analysis of the "fault tree" of security
penetrations, and coping with every leaf of that tree. The cost
(and delay in time-to-market) of such analysis has inhibited the commercial
availability of such systems, yet the need for high-assurance systems
grows with our reliance on the software components of our
systems. While formal methods offer considerable promise, they have so far
failed to describe systems as actually deployed, and thus
represent an additional cost beyond the already onerous analysis.
Our approach, Portable Open Source Security
Elements (POSSE), will make a dramatic difference.
Our team is composed of the core teams of the
OpenBSD, OpenSSH and OpenSSL projects, with the addition of some university
researchers. First, we will deliver
security-audited software. There is no "silver bullet" that removes the need for analysis and
testing in building trustworthy software.
OpenBSD has had no successful remote root attacks in
over 3 years, and is characterized by its approach of careful audit,
including fixing subsystems before they are distributed as part of
OpenBSD. For this reason it is widely used in contexts such
as embedded systems, and in systems built for security purposes such as
firewalls and NFR. Second, a security-focused UNIX variant can inform
and influence the design of systems with similar
ancestry and "raise the bar" for crackers. Any operating system
monoculture, whether a version of Windows in the commercial
sector or Linux in the open source sector, is extremely
dangerous. Finally, we will
greatly accelerate our development efforts, and support
many desirable security technologies and features.
Activities
Specific tasks we will undertake in POSSE include:
- Audit and improve the OpenSSL software, which is widely used to
support e-commerce. Improvements will include OpenSSL support for
hardware cryptographic acceleration.
- Design a portable kernel interface through which OpenSSL can communicate
with kernel-supported hardware cryptography devices.
- Import the bootstrap integrity checking developed by researchers
at the University of Maryland.
- IPsec support for application-level keying and policies.
- A /dev/policy policy device. This was prototyped in our earlier
work on a distributed firewall for OpenBSD, but it is reusable in all
kinds of contexts involving security.
- Merge features from the Security-Enhanced Linux work recently
released by the NSA; the /dev/policy work is related to this as
well.
- Extended attributes for FFS (imported from TrustedBSD), and ACLs for
the filesystem built on top of the extended attributes.
The most important contribution of POSSE will be its creation of a
security-conscious community of open source developers.
People
Papers
- "TAPI: Transactions for Accessing Public Infrastructure"
- Matt Blaze, John Ioannidis, Sotiris Ioannidis, Angelos D. Keromytis, Pekka Nikander, and Vassilis Prevelakis. To appear in the Proceedings of the 8th IFIP Personal Wireless Communications (PWC) Conference. September 2003, Venice, Italy.
- "Design and Implementation of Virtual Private Services"
- Sotiris Ioannidis, Steven M. Bellovin, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Enterprise Security, Special Session on Trust Management in Collaborative Global Computing. June 2003, Linz, Austria.
- "WebDAVA: An Administrator-Free Approach To Web File-Sharing"
- Alexander Levine, Vassilis Prevelakis, John Ioannidis, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Workshop on Distributed and Mobile Collaboration. June 2003, Linz, Austria.
- "Secure and Flexible Global File Sharing"
- Stefan Miltchev, Vassilis Prevelakis, Sotiris Ioannidis, John Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. In Proceedings of the USENIX 2003 Annual Technical Conference, Freenix Track, pp. 165-178. June 2003, San Antonio, TX.
- "A Study of the Relative Costs of Network Security Protocols"
- Stefan Miltchev, Sotiris Ioannidis, and Angelos D. Keromytis. In Proceedings of the USENIX 2002 Annual Technical Conference, Freenix Track. June 2002, Monterey, CA.
- "Fileteller: Paying and Getting Paid for File Storage"
- John Ioannidis, Sotiris Ioannidis, Angelos D. Keromytis, and Vassilis Prevelakis. In Proceedings of Financial Cryptography (FC) 2002. March 2002, Bermuda.
- "Secure and Flexible Global File Sharing"
- Stefan Miltchev, Vassilis Prevelakis, Sotiris Ioannidis, Angelos D. Keromytis, and Jonathan M. Smith. Technical Report MS-CIS-01-23, November 2001, University of Pennsylvania.
Talks
Related sites