Newsgroups: comp.security.misc,alt.security
Path: sparky!uunet!destroyer!gumby!wupost!usc!venice!gumby.dsd.trw.com!trwacs.fp.trw.com!epstein
From: epst...@trwacs.fp.trw.com (Jeremy Epstein)
Subject: POSIX security: call for participation
Message-ID: <1993Mar17.211220.7045@trwacs.fp.trw.com>
Organization: TRW Systems Division, Fairfax VA
Date: Wed, 17 Mar 1993 21:12:20 GMT
Lines: 318

POSIX 1003.6 (Security) Working Group Organizing New Subgroups
==============================================================

For the past year, the P1003.6 Working Group has been focused on resolving
ballot objections to the current draft standard.  Starting at the April
meeting in Irvine, several new subgroups will be formed to investigate
the development of standard security interfaces for additional functional
areas.

At the P1003.6 meeting in New Orleans in January, the group came up with a
list of potential areas where work could be performed.  Note that this list
is not necessarily exhaustive.  It is simply a starting point.  The actual
areas to be worked will be determined, to a large degree, by the wishes of
the people who show up to do the work.  If you have a specific area of
interest, you are strongly encouraged to start attending the meetings on a
regular basis, starting with the April meeting.  Those of us who have
participated in the group over the last few years have found the work
interesting and rewarding.  Our companies, who have sponsored our
attendance, have also found our participation to have significant value.

The current draft would not be coming to fruition were it not for the work
of all those who have participated in the Security Working Group (1003.6) - 
a dedicated group of individuals representing many different technical 
viewpoints.  If you are a member of that original group, we welcome you back 
as we start our new efforts.  If you have not participated before, but have 
an interest in any of the topics below, or any other related topic, we 
also welcome your participation.  The broader our base of expertise and real 
world experience, the better the resulting standard will be.  Your efforts 
will make a difference.

This working group is known for working hard, and playing hard.
It is a group dedicated to the development of security interfaces. 
Although the meetings can be lively with contentious technical discussion,
the group also has been known to have fun together. You too can 
become a part of the group that introduced the Bunny Hop to an unsuspecting 
Europe; was remembered by the staff at a major hotel the next year ("Are THEY 
here again???"); was observed at the bar in the Holiday Inn at 1AM with
4 notebooks plugged in, working on the draft; as well as many other
moments too numerous to be recounted here.  P1003.6 is a very active group, 
strongly committed to the standards process, very receptive to new members 
and new ideas, working together well as a team.

If you have any further questions about the working group or the upcoming 
meeting, please contact the Acting Vice Chair, Lynne Ambuel (410) 859-4463. 
She can also be reached electronically at Ambuel @ dockmaster.ncsc.mil.

We hope to see you in Irvine!!

List of Potential New Functional Areas
======================================

Administrative Services
          Administrative user interfaces to security-related mechanisms is
          an area that was specifically determined to be "out-of-scope" for
          the original 1003.6 effort.  However, the group understands that
          this is an area that needs to be standardized so that an
          administrator's interface to portable systems is predictable and
          well-defined.  The Security Group (1003.6) met with the
          Administrative Services group (1003.7) to discuss possible
          overlapping areas on which security attributes should be handled
          in their proposed user database.  After a period of discussion, it
          was agreed upon that some kind of liaison should be established
          between the Security and Administrative Services Groups.
          The possible security administration areas that could be addressed
          are listed below:

          Password Management
          Backup/Restore
          Audit
          Privilege/Authorizations
          MAC
          Information Labels
          Label Management
          Process Management
          Job Control Management
          Resource Management
          User/Login Management - User Accounts
          Terminal Management - Session
          I&A Management
          System CM
          ACL Management
          Role Management
          Clearances
          Device Management
          Software/OS Installation


General Cryptographic Services Interfaces
          Generic interfaces to cryptographic services were not
          within the original scope of the 1003.6 effort.
          However, there were specific ballot objections to Draft 12
          of the standard because it did not include any such
          interfaces. The ballot resolution group agreed that the
          interfaces are needed and that they should be addressed.
          
          A balloter has provided a series of interfaces for checking
          the integrity baseline of a system and for generating
          and verifying digital signatures.  This 'proposal' could be
          used as a basis for developing the interface for
          cryptographic services.

          Encryption was also considered to be of importance in
          cryptographic services.  This would include interfaces
          to keying algorithms, as well as encryption and decryption services.
          The emphasis would be on creating a generic algorithm-
          independent API.

          A major problem with dealing with standardization of
          cryptographic services at an international level is
          import and export restrictions on cryptographic services
          and algorithms.  This is true not only between US and
          Europe, but also between national boundaries within Europe.
          However, the feeling is that these trade barriers seem to
          be weakening and this effort is therefore a worthwhile one.

Identification and Authentication
          Identification and Authentication (I&A) was identified as
          being out of scope in draft 12 of the 1003.6 document.
          However, it is acknowledged by the members of 1003.6 that
          I&A is an integral part of protection mechanisms and should
          be considered. UNIX login, for example, is widely used and
          should be included in the IEEE POSIX API. I&A was considered to
          be one of the most important new work items by virtually all of 
          the members present at the New Orleans meeting.
          Thus, I&A will most likely become a new work item
          for the 1003.6 group. In addition, discussions with the
          Administrative Services group identified I&A management as
          a security service with security attributes.

          Topics to be considered under I&A include:
          * Credential Management - Identification and maintenance of
            credential information needed for proper identification of
            a user.
          * Credential Manipulation - Modification, duplication and
            delegation of credentials of a user.
          * Passwords - Passwords were reluctantly added to the list, 
            not because they are not important but because of the fear of
            establishing a standard that would be bound to a password
            mechanism.  It was the opinion of the group that FIPS 112
            should be looked at for ideas and direction.  In addition,
            the UK government password guidelines could be used as
            input to this effort.
          * Additional Authentication - Additional authentication mechanisms 
            should be identified and researched.  (e.g. smart cards,
            biometrics, etc.) However, the group would concentrate on
            developing APIs to these mechanisms without setting a
            standard as to which one should be used.
          * Identifier Management (User) -  Identification and maintenance 
            of information needed to properly identify a user are to be 
            included in this effort. Items such as name, clearance, 
            organizational code could be considered along with any other 
            information that could be used to determine security related 
            privileges of a user.

Security Liaison Efforts
            The original scope of P1003.6 included adding new interfaces
            for security-related functions to P1003.1 and P1003.2, as
            well as redefining those interfaces within P1003.1 and
            P1003.2 that provided security vulnerabilities for
            complying systems.  The latter portion of this scope now needs
            to be extended to the other IEEE POSIX standards that are
            being developed, to be sure that there are no inherent 
            security flaws in those systems.  In order to accomplish
            this task, the IEEE P1003.6 Security Working Group sees it
            as very important to keep track of, and have an active
            liaison with, other POSIX working groups that have now, or
            in the future may have, security implications. An active
            dialog with these groups will lessen the possibility that
            any security flaws are mandated in systems developing to
            those standards.

            This includes the following:
               * 1003.1a extensions to ISO 9945-1:1990
               * 1003.2b ISO revision of 1003.2
               * 1003.4  real-time
               * 1003.4a threads
               * 1003.7  administration
               * 1003.8  transparent file access
               * 1003.12 protocol independent network specification
               * 1003.15 batch services
               * 1003.17 directory/name services

            The goals of this work are to ensure that security issues
            are either addressed directly by the affected working
            groups or brought to the attention of the security working
            group for inclusion at a later stage in the list
            of "new work items", as well as to ensure a better
            understanding of potential security issues in other
            specifications.  It is also important for the working group
            to understand the security impact of these other interfaces
            on the 1003.6 specification.

Networking Services
            The IEEE P1003.6 Security Working Group will investigate the
            development of security extensions for Networking Services.
            These extensions will work within the guidelines described in
            the evolving IEEE POSIX Distributed Security Study Group's
            proposal "A Distributed Security Framework for POSIX".

            The group will address security extensions and new interfaces
            to allow security services to function in a network or
            distributed system environment in the following potential areas:

            * Secure RPC: interfaces need to be defined which allow for
              the selection of a variety of security services including
              identification, authentication, and possibly access control.
            * Authorization and Access Control: current authorization and
              access control interfaces should be extended to work within
              a distributed system environment.
            * Distributed Management Interfaces: interfaces should be
              defined to allow the management of the variety of security
              attributes and services necessary in a network or
              distributed system environment.
            * Auditing: extensions to the security auditing interfaces
              need to be defined to allow auditing to work in a network
              and distributed system environment. For example, the audit
              interfaces need to provide the ability for servers to audit
              events on behalf of the client. Likewise, the auditing
              interfaces need to provide services to handle audit
              trails which may be spread across multiple systems.
            * Credential Management: interfaces should be defined to
              manage user credentials and their associated attributes
              in a network-wide or distributed system.

Portable Formats
            The IEEE P1003.6 Security Working Group will investigate
            the development of standard, portable formats for access
            control lists (ACLs), mandatory access control (MAC) and
            information labels, file privilege states, and audit trails.
            Developing standard, portable formats for ACLs, labels, and
            file privilege states is necessary to preserve security
            relevant attributes of objects when importing and exporting
            those objects between non-homogeneous (and sometimes even
            homogeneous) platforms. Developing a standard, portable
            audit trail format is necessary to preserve the usefulness
            of audit trails when importing and exporting audit data
            between non-homogeneous platforms.

            This effort will include interacting with other POSIX
            working groups that are developing standard interfaces
            that should utilize these portable formats.

**********************************************************************

AGENDA FOR IRVINE P1003.6 Security Working Group Meeting
========================================================

The IEEE POSIX Working Group for Security will meet at the Irvine 
Marriott Hotel in Irvine CA during the week of 19 - 23 April. More 
information about registration and attendance to the meeting can be
obtained from Brenda Williams at the IEEE Computer Society. Her telephone
number is (202) 371-0101.  The telephone number of the conference hotel
is (714) 553-0100.

The April meeting of Security working group (P1003.6) will have
two purposes: to resolve ballot issues for the current draft standard
and to define and begin formulating the new set of protection interfaces
for several functionality areas not encompassed by the current draft. 
There will be both large group discussions and small group work sessions.

Mon, 19 April:    9:00-11:30  Discussion of the new interface areas.
                              Formulation of new subgroups.
                  1:00-2:30   Discussion of Liaison issues 
                              Selection of liaisons to other working groups
                  2:30-5:00   subgroups meet

Tue, 20 April:    9:00-5:00   subgroups meet

Wed, 21 April:    9:00-5:00   Open discussion with Ballot Resolution Team 
                              regarding significant changes to the draft 
                              required to resolve ballot objections.
Thu, 22 April:    9:00-5:00   Ballot Resolution team meet to continue the 
                              ballot resolution process.  
                  9:00-5:00   Liaisons will meet with their target working
                              group.
                  9:00-5:00   subgroups will continue to meet.

Fri, 23 April:    9:00-3:00   Ballot Resolution team meet to continue the 
                              ballot resolution process.  
                  9:00-3:00   Liaisons will meet with their target working
                              group.
                  9:00-3:00   subgroups will continue to meet.
                  3:00-5:00   Closing plenary to discuss progress and to
                              task any work that needs to be done before
                              the July meeting. If this plenary is deemed
                              unnecessary, each of the above groups will
                              continue their own work.    
************************************************************************

WEDNESDAY OPEN DISCUSSION ON 1003.6 BALLOT ISSUES

In the process of resolving ballots on the P1003.6 document, several
contentious technical issues have been raised that the ballot resolution
group feels should be brought before the working group as a whole. These
issues are ones initiated by some balloters and disapproved by other 
balloters. The changes mandated by these balloters would fundamentally 
change the technical basis on which the interfaces were written. The 
following list is a sample of some of these issues. Other issues may also 
be raised.  The ballot resolution group will lead this discussion and welcome 
input from all those present, whether or not they are currently part of the 
balloting group.

          1. A set of balloters have objected to the inclusion of specific
privileges in the standard.  
          2. A set of balloters objected to the inclusion of the mask 
mechanism in ACL section of the standard. The mask was removed from draft
13. A different set of balloters have now objected to the removal of the
mask from the specification.
          3. A set of balloters objected to the inclusion of multi-level
directories in the standard. These interfaces were removed from the standard
for the Draft 13 ballot. A different set of balloters have now objected 
to the removal of multi-level directories.

-- 
Jeremy Epstein			Internet: epst...@trwacs.fp.trw.com
Trusted X Research Group	Voice: +1 703/803-4947
TRW Systems Division
Fairfax Virginia
