[ubuntu-hardened] Towards an Apparmor Certification program
Michael J Daniel
michael.j.daniel956 at gmail.com
Wed Jul 25 15:31:44 UTC 2012
I've been thinking about an apparmor certification program
and I want to capture those thoughts.
The goal of the program is to ...
1) encourage developers to include apparmor protections in their programs.
2) encourage users to choose apparmor protected programs.
We should have a distinctive certification symbol, with an overlay
between "0 %" and "100 %".
"0 %" means there is no apparmor profile included in the package.
"20 %" means the developer has included a profile in their package. Even
as little as an empty file or a default profile.
"40 %" means the developer has included in their package a human
readable .txt file listing all the apparmor protected resources used by
their program and how used. ("Human readable" in this context means
simplified English, understanding operating systems, but without
understanding the syntax of profiles.)
"60 %" means the developer has made the profile match the human readable
text.
"80 %" means an independent team has validated that the resource usage in
the human readable text is appropriate for this program.
"100 %" means an independent team has verified the profile matches the
human readable text.
michael
P.S. The most interesting part of developing this idea is that I started
out thinking someone, other than the developer, would have to examine
the program source code to ensure an appropriate profile. But this does
not seem necessary. The only validation required is that the resources
used by this program are appropriate for its intended use. For example,
it does not seem appropriate for a paint program to create btrfs
snapshots. So the validation team would withhold their "80 %" approval
until the developer either removed it or could justify it. A program
does not actually have to use all the resources in its profile, just that
it is prevented from accessing resources it has no business using.