DragonFly kernel List (threaded) for 2010-03
Google Summer of Code idea
Hello, DragonFly BSD team!
My name is Dmitry Stephantsov, I'm from Tomsk State University from Russia. I'm first year graduate student. I've recently become aware of Summer of Code and started looking for interesting projects. As undergraduate student I've been involved in our local operating system development project which evolved into the development of special programming language and the environment to run programs in it. So, I think OS projects are interesting!
My department is Information Security and Cryptography (which is the part of the Faculty of Applied Mathematics and Cybernetics) and security related stuff are my primary area of interest.
I've looked on the page: http://www.dragonflybsd.org/docs/developer/gsoc2010/
and found some interesting ideas, but I have my own. Since this E-mail address (firstname.lastname@example.org
) mentioned on the page frequently, I've decided to send the letter to it.
First idea — kauth under DragonFly BSD.
My idea is to implement kauth subsystem for DragonFly BSD. Kauth (http://developer.apple.com/mac/library/technotes/tn2005/tn2127.html
) is flexible system of hooks in kernel space that calls function defined in special kernel modules in a chain like. Hooks are implemented for most security-related actions. Modules that use hooks could implement e.g. access control policy or some sort of anti-virus scanner.
NetBSD team have implemented kauth for their OS. They moved traditional UNIX discretionary access control to one of kauth modules and there are researches toward something like jails of FreeBSD implemented on kauth (2008.asiabsdcon.org/papers/P3A-paper.pdf
I think there are benefit from kauth under DragonFly BSD. Some AppArmor- or SELinux- like mandatory access control could be implemented as a module.Second idea — transparent encryption.
I haven't figured out if DragonFly got one but there will be profit from system like dm-crypt on Linux.Third idea — shadow passwords enhancements.
This one is to worm up, I think. I've read on the buglist that DragonFly still uses md5 as primary hashing method for passwords (message dated 20.02.2010 22:54, "MD5 password hash" thread). That's pretty weak method for now considering rainbow tables cracking method. I could implement hashing with sha256 or sha512 functions.
Fourth idea — make something on the list.
"Implement i386 32-bit ABI for x86_64 64-bit kernel" idea seems interesting (lots of low-level stuff).
Few days before I've installed DragonFly BSD on VmWare and have played with it for some time. I've found that cool feature called vkernel — the ability to debug the kernel is nice. I've also loaded source codes with git and studied it for a little ;)
Here is the summary of my words:My name and background.
Dmitry Stephantsov, from Tomsk State University, Faculty of Applied Mathematics and Cybernetics, Information Security and Cryptography department.
- As undergraduate on 3rd year I've been working on OS-related project as my course work. The project was about cryptographically enhancing the Minix 2 operating system (which was available for me at that time, since I've bought the book :)). I've implemented transparent disk encryption layer between file system and disk driver. My mate implemented special bootloader for kernel decryption. Another my mate have implemented special access control mechanism.
- As undergraduate on 4th year I've been working for the environment for special aspect-oriented programming language. The idea was to run the interpreter on bare hardware (as Smalltalk system was run once). My part of job was dealing with processes and multitasking. Later I've switched for language development.
- My current researches are related to aspect-oriented technologies for programming. In particular, I want to find the unified way for implementing security policies in arbitrary information systems.
- As undergraduate student then and as graduate student now I take part in Capture the Flag hacking competitions. My team is named SiBears (http://sibears.ru) and I'm team leader and the coach. We've won Russian CTF competitions (RuCTF) last year (http://translate.google.ru/translate?hl=ru&sl=ru&tl=en&u=http%3A%2F%2Fructf.org%2F2009%2Ffinal_results.html) and took 2nd place on international CTF (iCTF) on December of 2008 (http://ictf.cs.ucsb.edu/archive/iCTF_2008/index.html) — the page is missing final standings now for some reason.
Why I'm interested in DragonFly BSD?
- Strong knowledge/experience in both C and C++ and programming. Primarily for GNU/Linux.
- Strong knowledge of x86 machine architecture, assembly language, binary file formats. Disassembly and debugging skills (thanks to CTF :)).
- Strong knowledge of cryptography. That's what I was taught for about 5 years :)
- Script programming language skills: perl, python, ruby etc.
- Programming language development tools skills: flex, bison, python ply, Spirit (from C++ Boost) etc.
- Experience with both software construction tools (make, scons etc) and source code management systems (svn, git etc).
There are few points on why I am interested.
My free time on summer.
- As I was said, operating systems and programming languages design and development are my favorite areas of computer science. I believe that reflexive part of any kind of activity is the crucial part for understanding the whole. And OSs and PLs are the reflexive part of computations.
- From the Net I've learned that DragonFly BSD team is open minded — it is great to work on something you like with peoples who like this stuff too :)
- DragonFly BSD is not widely developed and there is the chance to take part in serious development.
As graduate student I've got some duties at the university. On April I'm going to two CTF competitions (one on 2-4 of April in Moscow and one on 23-26 of April in Ekaterinburg). On may there will be some teaching activities (exams for the undergraduates) but they shouldn't take much time. On this summer I've got almost free of duties may, june and august. On july I'll be spending a weak for summer school where I'll be teaching students some basic hacking techniques. Also I'll go to my parents for a weak or a weak and a half. The rest of my time I can spend for the project.
Wheew... Thanks for reading that far! I hope, its not too late for me to write this letter :)
Best regards, Dmitry A. Stephantsov