Path: utzoo!attcan!uunet!longway!std-unix
From: ahby@bungia.bungia.mn.org (Shane P. McCarron)
Newsgroups: comp.std.unix
Subject: Standards Update, Part 10: IEEE 1003.6; Security
Message-ID: <286@longway.TIC.COM>
Date: 1 Jan 89 17:54:23 GMT
Sender: std-unix@longway.TIC.COM
Reply-To: Shane P. McCarron
Lines: 194
Approved: jsq@longway.tic.com (Moderator, John S. Quarterman)

[ These Standards Updates are published after each IEEE 1003 meeting,
and are commissioned by the USENIX Association. See Part 1 for contact
information. -mod ]

An update on UNIX|= Standards Activities - Part 10
POSIX 1003.6 Update
December 18, 1988

Shane P. McCarron, NAPS International

1003.6 - Security Extensions to POSIX

The 1003.6 committee met with the other POSIX committees in Hawaii. At
this meeting they decided to divide the work into different groups. The
groups were addressing: Audit, Definitions, P1003.6 Scope, DAC, and
Privileges. Each small working group met every day, and on the morning
of the final day of the meeting a wrap-up session was held to update
all the members on each working group's progress. The following
information was presented:

o+ Audit

   1. Goals:
      - Satisfy TCSEC requirement.
      - Reduce the amount of changes to POSIX as much as possible.
      - Primarily to make audit trail entries.
      - Portability for audit administration/analysis packages/private
        applications.
      - Audit Data Interchange Format.

   2. Areas of Investigation:
      - Definitions
      - Event/Classes (what are they?)
      - Pre/Post Selection Criteria
      - SSO Interface
      - Subsystem Interface
      - Record/File Format
      - IDs (audit ids, ...)

   3. Future:
      - Detailed Input Requested
      - Interim Event/Classes
      - BNF for Audit Token Grammar

   Note that the administration interface issues have been considered
   to be HANDS-OFF right now.

o+ Definitions

   The following information was presented:

   1. The structure of the definitions will be similar to the 1003.1
      structure: terminology section, conformance section, general
      terms, general concepts and acronyms.

   2. The draft 0 definitions were based on four documents: ISO, ECMA,
      IEEE Std 1003.1-1988, and the Orange Book.

   3. The GOAL of this group is to assure that 1003.6 definitions are
      consistent and relevant to 1003.6 areas without overstepping or
      duplicating existing definitions from other 1003.x groups. In
      case some of the 1003.6 definitions conflict with 1003.x ones,
      the action will be to propose a redefinition of the term.

o+ P1003.6 Scope

   The proposed Scope was discussed and the conclusion was that it
   needed reworking. The area of I&A (identification and
   authentication) was considered not addressed, as well as trusted
   recovery (which the real-time people may need) and others. In the
   draft, many of the issues that will not be supported right now are
   marked as such because of lack of experience or insufficient
   technical maturity. The important point is not whether we have the
   experience; it is to be aware of the areas where users want
   security and the areas where the committee thinks security should
   be provided, and to point them out in the Scope. If those areas
   become a problem later, they can be dealt with at that time.

   For the next draft of the 1003.6 document, the table of contents
   will contain: Scope, Definitions, Feature Overview, Existing 1003.1
   Functions, Existing 1003.2 Commands, Section for Each Feature, and
   an Appendix. The Feature Overview covers a discussion, functional
   interface summary and command summary of each feature. Then in the
   feature section there will be the functions, commands, descriptions
   and security specifications. In the appendix there will be a
   rationale that maps to the document sections. It was remarked that
   all the future features such as Networking and System
   Administration should be annotated in an appendix as areas that
   will be covered as extensions.

o+ Discretionary Access Controls

   This group was the one with the most activity, generating a lot of
   conflicting ideas even within itself. However, they did resolve to
   put together the Rationale section of the document first and work
   on the agreeable parts, then debate the contentious ones later. One
   of the conflicting topics was default Access Control Lists. This is
   probably needed, but apparently will not be within the scope of the
   standard.

o+ Privileges

   Privileges is a topic fraught with philosophy, and computer
   professionals love to be philosophers. In spite of this,
   definitions of privilege and certain types of privileges were
   completed. A paper from IBM was taken as a framework for the
   privilege section. During the meeting a few operations were
   identified as necessary, although the list is far from complete:
   getpriv, setpriv, enable/disable_priv, droppriv.

Another issue brought to the whole group was Internationalization, and
the decision was not to address it for as long as they can. This is
unfortunate, as the charter of POSIX is to be as international as
possible. The 1003.1 committee learned the hard way that
internationalization cannot just be stapled on later. It must be in
there from day one or it becomes extremely difficult to make it work.
In the case of security, labeling is an area in which
internationalization is a must. If it is not placed in there
initially, it may never get in.

The upshot of all this is that the small groups produced the
guidelines for the next meeting and the topics that are going to be
covered for the near future. This group has targeted mid-1990 for a
complete draft ready to ballot.

The Usenix Standards Watchdog Committee contact for this group is Anna
Maria de Alvare. She can be reached at:

	Anna Maria de Alvare
	Lawrence Livermore National Laboratories
	PO Box 808 L-303
	Livermore, CA 94450
	+1 (415) 422-7007
	annamaria@lll-lcc.llnl.gov
	uunet!lll-lcc.llnl.gov!annamaria

__________
|= UNIX is a registered trademark of AT&T in the U.S. and other
countries.

Volume-Number: Volume 15, Number 53