[apparmor] GSoC proposal text v3
John Johansen
john.johansen at canonical.com
Tue Mar 12 02:48:05 UTC 2013
Alright so we have a GSoC proposal (current text below), through opensuse
and I would like to put a couple of potential revisions to a vote.
1. Allowing for the Go language as an implementation option. I did this
to allow the student some options. But there are good arguments
against it, like introducing a new language to the code base.
2. Whether we should add C back in as a requirement and make the base
library part be in C so it can be shared with the parser, and be
integrated into the current libapparmor.
Current text below
-----------------------------
AppArmor profile development tool
Description: The AppArmor project is a MAC-like security extension for
Linux. Its policy is based around profiles that are used to define the
set of permissions an application will be granted.
The project goal is to implement a new smarter profile development tool,
that is better at creating abstractions, and inter-profile policy analysis.
The base part of the project will be to implement a library and basic tool
using the library that can develop a profile from audit log files, and basic
user interaction. This tool will replace the existing aa-logprof and
aa-genprof tools, which are unmaintained and out of date.
The remainder of the project will be to extend the base library and tool,
in any of several possible directions
* doing analysis on the interaction of rules within a profile as well as how
profiles interact. This can be used to simplify rules, suggest
simplifications or abstractions, and discover potential security holes in
the provided policy.
* doing static analysis on applications to extract possible rules and rule
patterns. This can be used to preseed profile development by feeding
the output into the base part of the project, and find program behavior
that may not be discovered by standard execution on an application.
* creating a tool to merge multiple profiles together. Working similar
to logprof, but using profiles instead of a log as input.
* developing a better interface that will aid the user in being able to find
abstractions, and analyze inter-profile behavior.
* update the existing YaST module to interface with the new profile development
tool.
Required knowledge: Python or Go,
Helpful knowledge: C and Perl as some components are written in these languages
YCP (if the student decides to update the YaST module as part
of dependent on implementation route), some knowledge of Perl
would be good but is not required
Skill Level: Intermediate - Hard (depends on implementation route)
Mentors: John Johansen, Christian Boltz
Student: