Hello, Robert Watson of the kernel cross-reference and other fame gave an impromptu yet compelling presentation at EuroBSDCon about his CAPP (Controlled Access Protection Profile) and OpenBSM work on FreeBSD and Darwin and I am curious if any work is being done to implement/import this work into OpenBSD. I found the "log and audit at all costs" approach of CAPP/BSM most interesting: whereas any user can pump just about any data into syslog, CAPP/BSM dictates for example that a system must optionally slow down to accommodate incoming logging and in fact halt if it cannot accept more. This is a bit extreme but maps out just about any level of paranoia and is the new target for some government systems.
The paper: http://www.trustedbsd.org/20060303-ukuug2006lisa-audit.pdf Best regards, Michael Dexter