[Security_sig] 10/13 Conf. call minutes

Chris Wright chrisw at osdl.org
Thu Oct 13 09:52:40 PDT 2005


Argh, wrong date...fixed...

* Chris Wright (chrisw at osdl.org) wrote:
> Attendees:
> ----------
> 	Chris Wright (OSDL)
> 	Ed Reed (Novell)
> 	Dennis Wells (Unisys)
> 	Matt Anderson (HP)
> 	Mary Edie Meredith (OSDL)
> 	Emily Ratliff (IBM)
> 
> Agenda:
> -------
> 
> 	- DCL security
> 	- Other security efforts
> 
> 
> Actions:
> --------
> 
> 	- Emily's list
> 	- Chris's list
> 	- Mary compare CGL
> 
> Minutes:
> --------
> 
> Chris: DCL security document stalled out.
> 
> Emily:  Mary gave us an out by simply delineating the capability gaps,
> esp. the high priority ones.
> 
> Mary: <recap from last meeting> Chris points out that we aren't getting
> anywhere.  I reminded people that DCL goal is to generate missing
> capabilities.  Security section in old DCL doc was random collection of
> security technology.  The review showed that the capabilities were
> insufficient to provide security assurance.  So current doc is working
> with that feedback to discover gaps.
> 
> Ed: Either a social issue with the discussion
> 
> Dennis: CC Eval project manager for RH and Unisys.  Still working
> through vulnerability assessment doc.  We'll have a web security app
> opening up soon, but don't have many details.
> 
> Chris: There are projects that are underway to help push Linux security
> forward, esp in the area of CC evaluation.  E.g. audit work (which
> served CAPP first, and is now moving on to LSPP), and general LSPP
> effort.
> 
> Dennis: Is audit the new system, or LAuS?
> 
> Chris: The new audit subsystem.  LAuS was stop gap for certification,
> but wasn't upstreamed.
> 
> Ed: LAuS was demonstration of Linux ability to achieve CAPP.
> 
> Emily:  File system capabilities patch.  Chris have you looked?
> 
> Chris: Yes (I sent Serge some quick feedback about a month ago).
> 
> Ed: Lack of time slices 
> 
> Emily: Agreed.
> 
> Mary: If things are being worked, then we can also simply monitor them.
> 
> Emily: Do we talk about competitive gaps as well?
> 
> Mary: Yes. Both where we're ahead and where we're behind.  Technical
> gaps would be my priority.
> 
> Mary: If we could get some of the comments, like list from Emily,
> the projects Chris mentioned, CGL comparison, that would be a starting
> point.
> 
> Chris: BTW, I forgot to mention distributed authentication (like active
> directory) as a gap.


