November 18, 1998
2:00 – 3:00
1131 ENG II
David Klotz (DK), Jeff Rowe (JR), Jason Schatz (JS) and Chris Wee (CW)
Immutable files in FreeBSD
Demonstration for Boeing
Chris Wee demos his firewall in Sec Lab 1
1) DK: Immutable files in FreeBSD – root cannot
affect them. FreeBSD owned by INIT. File set up – root can increase
security level. You can only add (not remove) restrictions.
If the host is compromised, you can still trust it.
a) CW: Changes security semantics on some operations on the operating
b) DK: Any host-based response program adds a lot if you can trust
it if the host is compromised
c) CW: Is the host-based response system any good?
d) DK/JS: Yes, it has an append only system for log files – backup and
e) JS: You can change security method to allow owner to modify/delete
f) DK: CD Writer is an append-only system.
g) CW: CD Writer drivers only listen to the last table of contents.
So the data is still there, but you can’t see it on the table of contents.
h) CW: Set flags, try to root kit system
i) JS: Write language with hosts as objects, define key relationships
through transitive closure which host access. Modeling typology of
2) DK: For Boeing, provide a demonstration
of any protected process running.
a) JR: If it only runs on BSD, it won’t be impressive.
b) DK: Solaris source code
c) JR: Need host-based response system.
d) DK: Crisis system?
e) CW: Include host-based system into Solaris. Loaded kernel
module – read access control list – user/system codes
f) Honey pots for “Red Team” – script a bunch of responses
g) JS: Script good responses and underhanded response to screw the
h) CW: IDIP interface to IP Firewall
i) JR: Or TCP wrappers
j) CW: Andrew Gross from University of San Diego – white paper,
k) CW: IPFW execute on command level, dynamic flush
l) JS: Establish a connection
m) CW: There is leeway in how we design the environment; encryption
software. Everything in system is encryption only DSSH running.
3) Chris Wee provides a demonstration of his firewall
in the Security Lab.