[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Auditing File Changes



On 7/10/06, eklinger uci edu <eklinger uci edu> wrote:
> Maybe it's the way you've described it, but this sounds like a very
> contrived and fickle security mechanism.  I really don't understand the
> purpose of your encryption, can you elaborate any?  Maybe I'm just
> confused with the example you gave.  Further more, if you want to
> restrict operations on a given a file, why reinvent the wheel, it's
> already doable.  Also, the audit subsystem does log events describing
> "copy" events, renames, linking, unlinking, open's, close's, file
> attribute modifications, etc, without the need for modifying specific
> programs.  Decompose the "abstract" event of cut and paste into its
> system-calls and there you go.
>
The original idea was to prevent the user from opening the file in any
text or hex editor and changing the file or the file's allowed operations,
which would be stored in the file itself. However, if we can capture the
open call we may not need the the encryption afterall. All of this is just
a proof of concept. It will need to be refined much more before we do the
actual implementation, which is why I'm here to get these comments and
ideas from the community. :) We do not want to reinvent the wheel but the
permissions need to go beyond the basic read-write-exec since engineers
will need to modify the source code files but we may not want them to copy
them to a usb drive or email them, and we want the permissions to be in
place across platforms.


Well a lot of things I think you need are not in place yet (MLS/MCS X
server, and some other parts (webcam audit :)))

If you need a solution now then you need to go to the standard
physical beats technical listings:

1) Dont put the boxes on the internet. If they need internet access it
is done via a two system enclave and/or a one way transfer of data via
diode.

2) KVM with a trusted KVM system and put the CPU/hard-disks in a
controlled vault type enviroment. If a system has to be in the
physical control of the engineer then epoxy any port that isnt in use
(USB, Firewire) and physically tie down the keyboard/mouse etc to the
box.

3) Design processes for handling data between enclaves, handling data,
how to handle removable media, etc.


--
Stephen J Smoogen.
CSIRT/Linux System Administrator


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]