July 9, 2001 3:30 PM PDT
U.S. helps fund FreeBSD security project
NAI Labs, the advanced research group of security-software maker Network Associates, announced the grant Monday. The group administers the funded Community-Based Open-Source Security, or CBOSS, project.
"Security can be seen as an investment and a form of insurance," said Robert Watson, FreeBSD Core Team member and a research scientist at NAI Labs. "We're taking a multipronged approach to address a number of parts of the security problem: Some have to do with an immediate short-term payoff, but many of them have to do with exploring how to make FreeBSD a better platform for new security work so as to facilitate future research."
FreeBSD forms a major part of the foundation of Apple's Mac OS X, and it is possible that Darwin--the Unix foundation of Mac OS X--could adopt any security technology added to FreeBSD.
"Interestingly, much of the results of this research should apply across all operating systems, and we hope it will therefore have far-reaching effects," Watson said. "Apple has expressed a strong interest in pulling in new technology from FreeBSD, and specific interest in the security features we're helping to research and develop."
The grant was awarded by the U.S. Navy's Space and Warfare Systems Command as part of a Defense Advanced Research Projects Agency (DARPA) initiative to secure open-source operating systems, which are increasingly used in sensitive government applications. DARPA is the arm of the Defense Department responsible for funding private-sector projects.
NAI Labs' CBOSS project aims to add a common set of security features to open-source operating systems, including encrypted file systems, hardened network components to protect against denial-of-service attacks, and extensions to the kernel to allow future security improvements to be easily plugged in.
NAI will subcontract much of the work on the 18-month effort to open-source programmers. At least four open-source developers will get part of the grant to fund their contributions to the project.
This is not the first award by DARPA for open-source security.
As part of its five-year Composable High Assurance Trusted Systems, or CHATS, program, DARPA has handed out grants to projects that focus on the development of systems and network services that can protect themselves from malicious code and other types of network attacks.
For example, the Reiser file-system project, which has created a faster, more robust way of storing data using a concept known as journaling, has received $600,000 to add encryption to the next version of the file system.
Journaling uses a log of what files have been changed or modified--a journal--to keep track of the state of the file system. When a computer crashes, or is turned off without shutting down, the file system can be quickly restored to its proper state.
DARPA has specifically requested that all CHATS projects include unclassified work from the open-source operating system development community.