Re: [ros-dev] 'Security Controls' GSoC Idea

Hi Guillaume, I gathered from your overview that you're interested in working exclusively on the executive component in the kernel, otherwise known as the Security Reference Monitor (SRM). Is that correct or do you also want to work on user accounts? Assuming so, do you plan on working on a specific area within this or working on the component as a whole? As you've probably seen, it has basic functionality, but some areas are either incomplete or missing entirely. A good example of this is the LSA stuff, I think Eric is working on this area, but he seems to be concentrating on the usermode side of things so maybe this would work out well. Regarding your questions: - to propose your project you should fill out an application form which is available via the GSoC website under our organization link. We can help you with filing this out if required. - It's not an obligation to provide patches when applying for a student position, although it would very much go in your favour if you did as it would allow us to confirm the skills you suggest. - You can use this mailing list to speak about technical details, you have the best coverage here. Alternatively if you wanted a more private discussion, you could email myself or Aleksey Bragin You can find more information here : http://www.reactos.org/wiki/People_of_ReactOS Regards, Ged Murphy. -----Original Message----- From: ros-dev-bounces(a)reactos.org [mailto:ros-dev-bounces@reactos.org] On Behalf Of Guillaume Touron Sent: 20 March 2011 22:18 To: ros-dev(a)reactos.org Subject: [ros-dev] 'Security Controls' GSoC Idea Hello RoS developers, I introduce myself. I'm Guillaume Touron, I'm a French engineering student at National School of Computer Science and Applied Mathematics with specialization in information systems and security. Apart from my studies I am interested in OS development, Windows internals and application security (vulnerabilities, reverse engineering, rootkits...). I read a lot about how Windows internals work (kernel data structures...) and Windows security. I have also some experience in NT driver development and kernel debugger (WinDBG). For many months now, I study RoS source code, and especially ntoskrnl source. This includes object manager, i/o manager, security layer, traps/exceptions management... I checkouted source code and installed RoS build environment and I'm ready to begin development. I also took a look at Se* kernel exported APIs, and tried to understand how security checks were performed. That's why I'm interested in RoS GSoC Idea 'Security Controls'. Indeed, implementing this feature would be a good start to add multiuser experience in RoS which is currently missing, and to manage efficiently users and groups. I think I know what is needed to complete this project successfully and I'm ready to write a detailed presentation/proposal to explain what I understand and what would be my goals. I also did GSoC 2010 last year for Honeynet Project on network security area, but I'm more interested in kernel development. Finally, few questions : What should I do to propose in a formal way my proposal to RoS community ? Is it an obligation to have already send some patches or can we begin development as a new contributor ? Who can I contact to speak about technical details ? Thank you very much. _______________________________________________ Ros-dev mailing list Ros-dev(a)reactos.org http://www.reactos.org/mailman/listinfo/ros-dev