se alguem tiver interessado... Jean
Begin forwarded message: > From: "Robert N. M. Watson" <robert.wat...@cl.cam.ac.uk> > Date: 6 October 2010 15:50:29 GMT+01:00 > To: cl-security-resea...@lists.cam.ac.uk > Subject: Kylin kernel source code now online > > For those interested in secure operating systems, or even possibly secure > operating systems, the Kylin kernel source code is now online: > > http://code.google.com/p/kylin-2 > > For those who don't follow Schneier et al, Kylin is a FreeBSD-derived > operating system developed for use by the Chinese military. It was forked in > around 2004/2005, as far as I know, but contains significant enhancements > since then. A talk was given on Kylin at EuroBSDCon in Milan a few years ago, > I can see if I can dig up the paper if folks are interested. > > I was interested to see that they appear to make moderate use of the MAC > Framework, a reference monitor I designed as part of DARPA work about ten > years ago. They have a different implementation of security event auditing > than the version I did for Mac OS X and FreeBSD, however (presumably due to > branching before that went into FreeBSD), and also don't have the > fine-grained privilege work I did for nCircle that made its way back into > FreeBSD. > > Among MAC models, they have what appears to be a LOMAC-derived data tainting > model, although I've not looked closely at the specifics of the policy so may > be misreading. They've also adapted a version of FLASK/TE that my team > developed at NAI Labs, based on the version from SELinux; this didn't make it > into mainstream FreeBSD, but does appear to have found a home in Kylin. > > There's probably quite a few interesting things to say here if someone has to > time to do a more serious analysis. > > Robert ------------------------- Histórico: http://www.fug.com.br/historico/html/freebsd/ Sair da lista: https://www.fug.com.br/mailman/listinfo/freebsd
