November 18, 1998
2:00 – 3:00
1131 ENG II

In attendance:
David Klotz (DK), Jeff Rowe (JR), Jason Schatz (JS) and Chris Wee (CW)

Immutable files in FreeBSD
Demonstration for Boeing
Chris Wee demos his firewall in Sec Lab 1

    1) DK:  Immutable files in FreeBSD – root cannot affect them.  FreeBSD owned by INIT.  File set up – root can increase security level.  You can only add (not remove) restrictions.  If the host is compromised, you can still trust it.
            a) CW:  Changes security semantics on some operations on the operating system
            b) DK:  Any host-based response program adds a lot if you can trust it if the host is compromised
            c) CW:  Is the host-based response system any good?
            d) DK/JS: Yes, it has an append-only system for log files – backup and restore problems
            e) JS:  You can change security method to allow owner to modify/delete
            f) DK:  CD Writer is an append-only system.
            g) CW:  CD Writer drivers only listen to the last table of contents.  So the data is still there, but you can’t see it on the table of contents.
            h) CW:  Set flags, try to rootkit the system
            i) JS:  Write a language with hosts as objects, define key relationships through transitive closure of which hosts access which.  Modeling topology of network
    2) DK:  For Boeing, provide a demonstration of any protected process running.
            a) JR:  If it only runs on BSD, it won’t be impressive.
            b) DK:  Solaris source code
            c) JR:  Need host-based response system.
            d) DK:  Crisis system?
            e) CW:  Include host-based system in Solaris.  Loaded kernel module – read access control list – user/system codes
            f) Honey pots for “Red Team” – script a bunch of responses
            g) JS:  Script good responses and underhanded response to screw the “Red Team”
            h) CW:  IDIP interface to IP Firewall
            i) JR: Or TCP wrappers
            j) CW:  Andrew Gross from University of San Diego – white paper, good hacker
            k) CW:  IPFW execute on command level, dynamic flush
            l) JS:  Establish a connection
            m) CW:  There is leeway in how we design the environment; encryption software.  Everything in the system is encryption; only DSSH running.  Load PRLPC

    3) Chris Wee provides a demonstration of his firewall in the Security Lab.