Behavior Specification – Phase Friday, Oct 23 2009 

Dynamic behavior has been identified and we have entered the behavior specification stage. Once this formalization is complete, it will be time to work on designing and developing the transformation engines and re-engineering a suitable TCB.

Good going SERG!

FIT Camera Ready Submitted Tuesday, Oct 20 2009 

I have just finished improving the flow, spelling and grammar of the FIT09 paper. The diagrams were buggy, so I got them fixed. Thanks to Recluze and Sana for the PDF editing of the images and the copyright form. I am feeling so relaxed and excited about it. This work is going to be extended for a journal and will also target a high-ranking conference for improvements and future work.

Away we go …. Sunday, Oct 18 2009 

It’s about time that things are going right. We got a proper fix on everything. Soon all my puzzles will get solved. Researchers have left some good traces, but they haven’t got to the right place, which industry demands in open source technologies.

DBAMP realization accepted at FIT Wednesday, Oct 14 2009 

The paper “Realization of Dynamic Behavior Attestation for Mobile Platforms” has been accepted at Frontiers of Information Technology (ACM). It portrays the essentials of the solution we are providing to achieve a dynamic remote attestation technique, which is used to synchronize with service providers (server side). The design of the target architecture is complete, while the metapolicies are still in progress. Minor issues of semantic integration are also in progress.

SELinux in review Tuesday, Sep 15 2009 

The following are the high-level languages that have been investigated in the past and at present, and they should serve as lessons learned from other efforts. These efforts are “Experiences With Higher Level” [1] from the Tresys team. Then we have the Hitachi effort, SEEdit [2], for generating simple SELinux policies that are not based on the Reference Policy [13]. Lately, at the 2008 SELinux Developer Summit, we came across Shrimp and Lobster [3], followed by some policy management upgrades expected in [4], based on [5]. [4, 5] are yet to be presented, so we are not clear exactly what to expect apart from an intermediate language on top of the modular Reference Policy [13].

Next, some of us want to be able to write SELinux policies, and we are also expecting some workshops, so I am pointing out the material that is expected to be prepared for the workshops. Some of you might want to look at it beforehand. [6] are the training modules that are definitely attractive material for learning how to write policy and for understanding the working, design and implementation of the policy infrastructure [13, 14, 15]. Then we have the “SELinux by Example” book as a solid reference. Another policy-writing tutorial that I liked was [7].
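As an added example of what the training material above teaches, and not code from this post or from any of the linked projects, here is a minimal Reference Policy style module for a hypothetical daemon. The module name myapp, the types myapp_t, myapp_exec_t and myapp_conf_t, the boolean myapp_enable_net and the path /usr/sbin/myapp are all assumptions made for the illustration. The point to notice is the boolean: the network permissions are declared but stay off by default, so the daemon gets only what it needs until an administrator explicitly widens its domain.

```selinux
# myapp.te: added example, not taken from the post or any linked project.
# All names (myapp, myapp_t, myapp_exec_t, myapp_conf_t, myapp_enable_net)
# are hypothetical.
policy_module(myapp, 1.0.0)

########################################
# Declarations
#
type myapp_t;           # domain the daemon runs in
type myapp_exec_t;      # label of the daemon's executable
# init (or an init script) transitions into myapp_t when it executes a
# file labeled myapp_exec_t; this is what confines the daemon.
init_daemon_domain(myapp_t, myapp_exec_t)

type myapp_conf_t;      # label for the daemon's own configuration files
files_config_file(myapp_conf_t)

# Tunable (boolean). Default false: outbound HTTP is denied unless an
# administrator turns it on with setsebool.
gen_tunable(myapp_enable_net, false)

########################################
# Local policy
#
allow myapp_t self:process { signal sigchld };
allow myapp_t self:fifo_file rw_fifo_file_perms;

# Read its own configuration, plus the generic /etc files most daemons need.
read_files_pattern(myapp_t, myapp_conf_t, myapp_conf_t)
files_read_etc_files(myapp_t)

# Logging and locale data.
logging_send_syslog_msg(myapp_t)
miscfiles_read_localization(myapp_t)

# Everything network related lives inside the tunable block, so the rules
# exist in the compiled policy but are inactive while the boolean is false.
tunable_policy(`myapp_enable_net',`
    allow myapp_t self:tcp_socket create_stream_socket_perms;
    corenet_tcp_sendrecv_generic_if(myapp_t)
    corenet_tcp_sendrecv_generic_node(myapp_t)
    corenet_tcp_connect_http_port(myapp_t)
    sysnet_dns_name_resolve(myapp_t)
')
```

The module also needs a file-contexts file, myapp.fc, with the two lines /usr/sbin/myapp -- gen_context(system_u:object_r:myapp_exec_t,s0) and /etc/myapp(/.*)? gen_context(system_u:object_r:myapp_conf_t,s0). On a system with the policy development Makefile installed (on Fedora, the selinux-policy-devel package) it builds with make -f /usr/share/selinux/devel/Makefile myapp.pp, loads with semodule -i myapp.pp, and the labels are applied with restorecon -Rv /usr/sbin/myapp /etc/myapp. The boolean is then toggled with setsebool -P myapp_enable_net on and inspected with getsebool myapp_enable_net; with it off, an AVC denial for myapp_t connecting to http_port_t is the expected, not a buggy, outcome.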

Updates on the packaging of SELinux policies are in [8, 9, 10, 11]. I am not sure how this approach will be used with the existing policy management infrastructure [12, 14, 15].

Other works to be aware of for SELinux are the work in progress on Labeled NFS [16], SEPostgreSQL [17], SE-PHP [18], SE-Apache [19], and other object managers like D-Bus [20, 21] and GConf [22]. Lately I came across MAC and Virtualization [23], which I have not read in enough detail to comment upon.

I will cover more tools and literature as I remember or come across them, and will update this post.

[1] http://www.tresys.com/pdf/Experiences-With-Higher-Level.pdf
[2] http://seedit.sourceforge.net/
[3] http://selinuxproject.org/files/2008_selinux_developer_summit/2008_summit_white.pdf
[4] http://selinuxproject.org/page/Developer_Summit_2009/Abstracts/Brindle_Policy_1
[5] http://linuxplumbersconf.org/ocw/proposals/56
[6] Lost the link so I can email it to you on request. These are part of opensource material from Tresys Inc. educational team.
[7] http://www.lurking-grue.org/writingselinuxpolicyHOWTO.html
[8] http://selinuxproject.org/page/Developer_Summit_2009/Abstracts/Brindle_Policy_2
[9] https://fedoraproject.org/wiki/SELinux_Policy_Modules_Packaging_Draft
[10] http://linuxplumbersconf.org/ocw/proposals/58
[11] http://fedoraproject.org/wiki/PackagingDrafts/SELinux
[12] http://www.tresys.com/pdf/Design-And-Implementation-of-PMS.pdf
[13] http://oss.tresys.com/projects/refpolicy
[14] http://oss.tresys.com/projects/policy-server/wiki/PolicyModules
[15] http://userspace.selinuxproject.org/trac/
[16] http://selinuxproject.org/page/Labeled_NFS
[17] http://wiki.postgresql.org/wiki/SEPostgreSQL
[18] http://pecl.php.net/package/selinux
[19] http://code.google.com/p/sepgsql/wiki/Apache_SELinux_plus
[20] http://www.redhat.com/magazine/003jan05/features/dbus/
[21] http://dbus.freedesktop.org/doc/dbus-daemon.1.html#lbAG
[22] http://docs.huihoo.com/selinux/gconf07.pdf
[23] http://www.tresys.com/pdf/Tresys_RethinkSecurity.pdf

Controlling behavior of secure/trustworthy platforms Tuesday, Jun 30 2009 

Our work at DBAMP is to enable Linux-based platforms to be controlled remotely by stakeholders for what they own on the platform. Our technical achievements include porting the Integrity Measurement Architecture (IMA) and Security Enhanced Linux (SELinux) to such platforms. Now we are working on protocols to use these services from remote server nodes to manage the platforms remotely. Next we will work on an administrative high-level policy, so that we have a platform-independent policy and any kind of platform can be targeted for remote management of the required behavior.

At the same time we will also try to enrich the controls that we are enforcing. More details after the work has been published ;)

More Twists Monday, May 4 2009 

Recently we tried out Xen virtualization for some brief experiments, where we went through installation and configuration, but then we realized that it cannot be made useful for our existing projects at SERG. The reason was that it is resource intensive, and we should stick to SELinux domain isolation and interfacing only.

Now we are working on transformations from high-level to low-level policies, i.e. from platform-independent to platform-dependent policies. We hope to achieve some solid theoretical foundations in a week’s time, although some of us have taught compiler construction at graduate and postgraduate levels. Next we will use ANTLR to automate the translations.

This will prove to be a turning point of our efforts because we will be entering the dynamic nature of mobile platform security.

SELinux on OpenMoko Monday, Apr 27 2009 

We have successfully run SELinux on the OpenMoko FreeRunner, where we have built the infrastructure for mobile platforms based on ARMv4t. It is based on Linux kernel 2.6.24 and runs policy version 19, with support for booleans as well.

Some more work done Saturday, Feb 28 2009 

Today I finished with CVS and SVN, trying to grasp the jargon and the required concepts. I also revised my understanding of the different standards that shape secure and trusted computing research and development efforts. I was not very comfortable with MLS, and now I am aware of its significance, tied in with MCS.

The standards that I keep track of and try to understand more and more are: TCSEC and Common Criteria from the trusted computing world, and OMTP, OMA, LiMo, etc. from the mobile device world.

I have successfully sorted out all the TCB-sensitive infrastructure and will soon propose a design in my upcoming publications. Oh, by the way, a list of my publications is available at my group’s blog: serg.imsciences.edu.pk. I am soon going to make an online portfolio which will also document my publications, maybe on this blog or on my group’s site.

Tomorrow is a Sunday, but it’s part of being an alien to work on Sundays, and I will start porting SELinux to OpenMoko. My work will be based on Willis’ GSoC work, in which he ported SELinux to OM, but it is not maintained and was known to be buggy with filesystem relabelling.

This will take some time because it is very messy work to handle. Consider all the policy and the userspace support; I am also interested in porting PMS for my personal experiments. I did some testing of PMS on the PC architecture some time ago, when I was learning SELinux for the first time ;) I hope it has matured since then.

I will try to update the blog in the meanwhile, but let’s see …..

Cloud Computing and Mashups Sunday, Feb 22 2009 

It is the application space where innovation can be found by the crazy researchers of our time. It takes too long to make standards at the lower layers of abstraction, because that standardization is dominated by industry giants like Microsoft, IBM, Apple and all the major vendors.

Service oriented architectures, cloud computing, Software as a Service and Mashups are the new trends where enthusiastic researchers like myself can introduce new ideas and influence the world at large.

I am currently doing a casual background study of these technologies, with a special taste for open source solutions. More on this later :)
