From: epst...@trwacs.fp.trw.com (Jeremy Epstein)
Subject: POSIX security: call for participation
Organization: TRW Systems Division, Fairfax VA
Date: Wed, 17 Mar 1993 21:12:20 GMT

POSIX 1003.6 (Security) Working Group Organizing New Subgroups

For the past year, the P1003.6 Working Group has been focused on resolving
ballot objections to the current draft standard. Starting at the April
meeting in Irvine, several new subgroups will be formed to investigate
the development of standard security interfaces for additional functional
At the P1003.6 meeting in New Orleans in January, the group came up with a
list of potential areas where work could be performed. Note that this list
is not necessarily exhaustive. It is simply a starting point. The actual
areas to be worked will be determined, to a large degree, by the wishes of
the people who show up to do the work. If you have a specific area of
interest, you are strongly encouraged to start attending the meetings on a
regular basis, starting with the April meeting. Those of us who have
participated in the group over the last few years have found the work
interesting and rewarding. Our companies, who have sponsored our
attendance, have also found our participation to have significant value.
The current draft would not be coming to fruition were it not for the work
of all those who have participated in the Security Working Group (1003.6) -
a dedicated group of individuals representing many different technical
viewpoints. If you are a member of that original group, we welcome you back
as we start our new efforts. If you have not participated before, but have
an interest in any of the topics below, or any other related topic, we
also welcome your participation. The broader our base of expertise and real
world experience, the better the resulting standard will be. Your efforts
will make a difference.
This working group is known for working hard, and playing hard.
It is a group dedicated to the development of security interfaces.
Although the meetings can be lively with contentious technical discussion,
the group also has been known to have fun together. You too can
become a part of the group that introduced the Bunny Hop to an unsuspecting
Europe; was remembered by the staff at a major hotel the next year ("Are THEY
here again???"); was observed at the bar in the Holiday Inn at 1AM with
4 notebooks plugged in, working on the draft; as well as many other
moments too numerous to be recounted here. P1003.6 is a very active group,
strongly committed to the standards process, very receptive to new members
and new ideas, working together well as a team.
If you have any further questions about the working group or the upcoming
meeting, please contact the Acting Vice Chair, Lynne Ambuel (410) 859-4463.
She can also be reached electronically at Ambuel @ dockmaster.ncsc.mil.

We hope to see you in Irvine!!

List of Potential New Functional Areas

Administrative user interfaces to security-related mechanisms is
an area that was specifically determined to be "out-of-scope" for
the original 1003.6 effort. However, the group understands that
this is an area that needs to be standardized so that an
administrator's interface to portable systems is predictable and
well-defined. The Security Group (1003.6) met with the
Administrative Services group (1003.7) to discuss possible
overlapping areas on which security attributes should be handled
in their proposed user database. After a period of discussion, it
was agreed upon that some kind of liaison should be established
between the Security and Administrative Services Groups
The possible security administration areas that could be addressed
are listed below:
* Job Control Management
* User/Login Management - User Accounts
* Terminal Management - Session

General Cryptographic Services Interfaces

Generic interfaces to cryptographic services were not
within the original scope of the 1003.6 effort.
However, there were specific ballot objections to Draft 12
of the standard because it did not include any such
interfaces. The ballot resolution group agreed that the
interfaces are needed and that they should be addressed.
A balloter has provided a series of interfaces for checking
the integrity baseline of a system and for generating
and verifying digital signatures. This 'proposal' could be
used as a basis for developing the interface for
Encryption was also considered to be of importance in
cryptographic services. This would include interfaces
to keying algorithms, as well as encryption and decryption services.
The emphasis would be on a creating generic algorithm-
A major problem with dealing with standardization of
cryptographic services at an international level is
import and export restrictions on cryptographic services
and algorithms. This is true not only between US and
Europe, but also between national boundaries within Europe.
However, the feeling is that these trade barriers seem to
be weakening and this effort is therefore a worthwhile one.

Identification and Authentication

Identification and Authentication (I&A) was identified as
being out of scope in draft 12 of the 1003.6 document.
However, it is acknowledged by the members of 1003.6 that
I&A is an integral part of protection mechanisms and should
be considered. UNIX login, for example, is widely used and
should be included in the IEEE POSIX API. I&A was considered to
be one of the most important new work items by virtually all of
the members present at the New Orleans meeting.
Thus, I&A will most likely become a new work item
for the 1003.6 group. In addition, discussions with the
Administrative Services group identified I&A management as
a security service with security attributes.
Topics to be considered under I&A include:
* Credential Management - Identification and maintenance of
credential information needed for proper identification of
* Credential Manipulation - Modification, duplication and
delegation of credentials of a user.
* Passwords - Passwords were reluctantly added to the list,
not because they are not important but because of the fear of
establishing a standard that would be bound to a password
mechanism. It was the opinion of the group that FIPS 112
should be looked at for ideas and direction. In addition,
the UK government password guidelines could be used as
input to this effort.
* Additional Authentication - Additional authentication mechanisms
should be identified and researched. (e.g. smart cards,
biometrics, etc.) However, the group would concentrate on
developing APIs to these mechanisms without setting a
standard as to which one should be used.
* Identifier Management (User) - Identification and maintenance
of information needed to properly identify a user are to be
included in this effort. Items such as name, clearance,
organizational code could be considered along with any other
information that could be used to determine security related
privileges of a user.

Security Liaison Efforts

The original scope of P1003.6 included adding new interfaces
for security-related functions to P1003.1 and P1003.2, as
well as redefining those interfaces within P1003.1 and
P1003.2 that provided security vulnerabilities for
complying systems. The latter portion of this scope now needs
to be extended to the other IEEE POSIX standards that are
being developed, to be sure that there are no inherent
security flaws in those systems. In order to accomplish
this task, the IEEE P1003.6 Security Working Group sees it
as very important to keep track of, and have an active
liaison with, other POSIX working groups that have now, or
in the future may have, security implications. An active
dialog with these groups will lessen the possibility that
any security flaws are mandated in systems developing to
This includes the following:
* 1003.1a extensions to ISO 9945-1:1990
* 1003.2b ISO revision of 1003.2
* 1003.4 real-time
* 1003.4a threads
* 1003.7 administration
* 1003.8 transparent file access
* 1003.12 protocol independent network specification
* 1003.15 batch services
* 1003.17 directory/name services
The goals of this work are to ensure that security issues
are either addressed directly by the affected working
groups or brought to the attention of the security working
group for inclusion at a later stage in the list
of "new work items", as well as to ensure a better
understanding of potential security issues in other
specifications. It is also important for the working group
to understand the security impact of these other interfaces
on the 1003.6 specification.
The IEEE P1003.6 Security Working Group will investigate the
development of security extensions for Networking Services.
These extensions will work within the guidelines described in
the evolving IEEE POSIX Distributed Security Study Group's
proposal "A Distributed Security Framework for POSIX".
The group will address security extensions and new interfaces
to allow security services to function in a network or
distributed system environment in the following potential areas:
* Secure RPC: interfaces need to be defined which allow for
the selection of a variety of security services including
identification, authentication, and possibly access control.
* Authorization and Access Control: current authorization and
access control interfaces should be extended to work within
a distributed system environment.
* Distributed Management Interfaces: interfaces should be
defined to allow the management of the variety of security
attributes and services necessary in a network or
distributed system environment.
* Auditing: extensions to the security auditing interfaces
need to be defined to allow auditing to work in a network
and distributed system environment. For example, the audit
interfaces need to provide the ability for servers to audit
events on behalf of the client. Likewise, the auditing
interfaces need to provide services to handle audit
trails which may be spread across multiple systems.
* Credential Management: interfaces should be defined to
manage user credentials and their associated attributes
in a network-wide or distributed system.
The IEEE P1003.6 Security Working Group will investigate
the development of standard, portable formats for access
control lists (ACLs), mandatory access control (MAC) and
information labels, file privilege states, and audit trails.
Developing standard, portable formats for ACLs, labels, and
file privilege states is necessary to preserve security
relevant attributes of objects when importing and exporting
those objects between non-homogeneous (and sometimes even
homogeneous) platforms. Developing a standard, portable
audit trail format is necessary to preserve the usefulness
of audit trails when importing and exporting audit data
between non-homogeneous platforms.
This effort will include interacting with other POSIX
working groups that are developing standard interfaces
that should utilize these portable formats.

AGENDA FOR IRVINE P1003.6 Security Working Group Meeting

The IEEE POSIX Working Group for Security will meet at the Irvine
Marriott Hotel in Irvine CA during the week of 19 - 23 April. More
information about registration and attendance to the meeting can be
obtained from Brenda Williams at the IEEE Computer Society. Her telephone
number is (202) 371-0101. The telephone number of the conference hotel
is (714) 553-0100.
The April meeting of the Security working group (P1003.6) will have
two purposes: to resolve ballot issues for the current draft standard
and to define and begin formulating the new set of protection interfaces
for several functionality areas not encompassed by the current draft.
There will be both large group discussions and small group work sessions.

Mon, 19 April:   9:00-11:30  Discussion of the new interface areas.
                             Formulation of new subgroups.
                 1:00-2:30   Discussion of Liaison issues
                             Selection of liaisons to other working groups
                 2:30-5:00   subgroups meet
Tue, 20 April:   9:00-5:00   subgroups meet
Wed, 21 April:   9:00-5:00   Open discussion with Ballot Resolution Team
                             regarding significant changes to the draft
                             required to resolve ballot objections.
Thu, 22 April:   9:00-5:00   Ballot Resolution team meet to continue the
                             ballot resolution process.
                 9:00-5:00   Liaisons will meet with their target working
                 9:00-5:00   subgroups will continue to meet.
Fri, 23 April:   9:00-3:00   Ballot Resolution team meet to continue the
                             ballot resolution process.
                 9:00-3:00   Liaisons will meet with their target working
                 9:00-3:00   subgroups will continue to meet.
                 3:00-5:00   Closing plenary to discuss progress and to
                             task any work that needs to be done before
                             the July meeting. If this plenary is deemed
                             unnecessary, each of the above groups will
                             continue their own work.

WEDNESDAY OPEN DISCUSSION ON 1003.6 BALLOT ISSUES

In the process of resolving ballots on the P1003.6 document, several
contentious technical issues have been raised that the ballot resolution
group feels should be brought before the working group as a whole. These
issues are ones initiated by some balloters and disapproved by other
balloters. The changes mandated by these balloters would fundamentally
change the technical basis on which the interfaces were written. The
following list is a sample of some of these issues. Other issues may also
be raised. The ballot resolution group will lead this discussion and welcome
input from all those present, whether or not they are currently part of the
1. A set of balloters have objected to the inclusion of specific
privileges in the standard.
2. A set of balloters objected to the inclusion of the mask
mechanism in ACL section of the standard. The mask was removed from draft
13. A different set of balloters have now objected to the removal of the
mask from the specification.
3. A set of balloters objected to the inclusion of multi-level
directories in the standard. These interfaces were removed from the standard
for the Draft 13 ballot. A different set of balloters have now objected
to the removal of multi-level directories.
Jeremy Epstein Internet: epst...@trwacs.fp.trw.com
Trusted X Research Group Voice: +1 703/803-4947
TRW Systems Division