The POSSE Project

Posse: a group of people summoned by a sheriff to aid in law enforcement.


Engineering a critical information infrastructure requires trustworthy software components. Such components have proven challenging to implement, as the work involved requires detailed analysis of the "fault-tree" of security penetrations, and coping with all the leaves of such a tree. The cost (and delay in time-to-market) for such analysis has inhibited commercial availability of such systems. Yet the need for high assurance systems grows with our reliance on the software components of our systems. While formal methods offer considerable promise, they have failed to successfully describe systems as deployed, and thus represent an additional cost beyond the already onerous analysis.

Our approach, Portable Open Source Security Elements (POSSE), will make a dramatic difference. Our team is composed of the core teams of the OpenBSD, OpenSSH and OpenSSL projects with the addition of some University researchers.

First, we will deliver security-audited software. There is no "silver bullet" which removes the need for analysis and testing in building trustworthy software. OpenBSD has had no successful remote root attacks in over 3 years, and is characterized by its approach of careful audit, including fixing subsystems before they are distributed as part of OpenBSD. It is for this reason widely used in contexts such as embedded systems and systems for security purposes such as firewalls and NFR.

Second, a security-focused UNIX variant can inform and influence the design of systems with similar ancestry and "raise the bar" for crackers. Any operating system monoculture, whether it be a version of Windows(TM) in the commercial sector or Linux in the open source sector, is extremely dangerous.

Finally, we will greatly accelerate our development efforts, and support many desirable security technologies and features.


Specific tasks we will undertake in POSSE include:

The most important contribution of POSSE will be its creation of a security-conscious community of open source developers.




