[FUG-BR] Fwd: Kylin kernel source code now online

[Jean Everson Martina]

se alguem tiver interessado...

Jean

Begin forwarded message:

> From: "Robert N. M. Watson" <robert.watson at cl.cam.ac.uk>
> Date: 6 October 2010 15:50:29 GMT+01:00
> To: cl-security-research at lists.cam.ac.uk
> Subject: Kylin kernel source code now online
> 
> For those interested in secure operating systems, or even possibly secure operating systems, the Kylin kernel source code is now online:
> 
>  http://code.google.com/p/kylin-2
> 
> For those who don't follow Schneier et al, Kylin is a FreeBSD-derived operating system developed for use by the Chinese military. It was forked in around 2004/2005, as far as I know, but contains significant enhancements since then. A talk was given on Kylin at EuroBSDCon in Milan a few years ago, I can see if I can dig up the paper if folks are interested.
> 
> I was interested to see that they appear to make moderate use of the MAC Framework, a reference monitor I designed as part of DARPA work about ten years ago. They have a different implementation of security event auditing than the version I did for Mac OS X and FreeBSD, however (presumably due to branching before that went into FreeBSD), and also don't have the fine-grained privilege work I did for nCircle that made its way back into FreeBSD.
> 
> Among MAC models, they have what appears to be a LOMAC-derived data tainting model, although I've not looked closely at the specifics of the policy so may be misreading. They've also adapted a version of FLASK/TE that my team developed at NAI Labs, based on the version from SELinux; this didn't make it into mainstream FreeBSD, but does appear to have found a home in Kylin.
> 
> There's probably quite a few interesting things to say here if someone has to time to do a more serious analysis.
> 
> Robert