Hello RoS developers,
I introduce myself. I'm Guillaume Touron, I'm a French engineering student at National School of Computer Science and Applied Mathematics with specialization in information systems and security. Apart from my studies I am interested in OS development, Windows internals and application security (vulnerabilities, reverse engineering, rootkits...). I read a lot about how Windows internals work (kernel data structures...) and Windows security. I have also some experience in NT driver development and kernel debugger (WinDBG).
For many months now, I study RoS source code, and especially ntoskrnl source. This includes object manager, i/o manager, security layer, traps/exceptions management... I checkouted source code and installed RoS build environment and I'm ready to begin development. I also took a look at Se* kernel exported APIs, and tried to understand how security checks were performed. That's why I'm interested in RoS GSoC Idea 'Security Controls'. Indeed, implementing this feature would be a good start to add multiuser experience in RoS which is currently missing, and to manage efficiently users and groups. I think I know what is needed to complete this project successfully and I'm ready to write a detailed presentation/proposal to explain what I understand and what would be my goals. I also did GSoC 2010 last year for Honeynet Project on network security area, but I'm more interested in kernel development.
Finally, few questions : What should I do to propose in a formal way my proposal to RoS community ? Is it an obligation to have already send some patches or can we begin development as a new contributor ? Who can I contact to speak about technical details ?
Thank you very much.
Hi and welcome here Guillaume,
the background you bring with you here just sounds really promising. If you are interested in kernel security, you may also have a look to the KSecDD driver which also provides security components at kernel mode level. You can find some information in the paper the NIST wrote.
Anyway, let's directly jump to your questions:
Finally, few questions : What should I do to propose in a formal way my proposal to RoS community ?
When sending your application for GSoC, you can either choose a subject from the ReactOS Foundation and purpose a new one. At that time, feel free to do so. Just ensure your project is "realistic" and that someone may mentor it. The best way to ensure that is to join us on ReactOS IRC channel (#reactos // #reactos-dev) on Freenode to discuss that point.
Is it an obligation to have already send some patches or can we begin development as a new contributor ?
Regarding GSoC, AFAIK, everyone can send an application. On the other hand, if you want to become a regular ReactOS dev, then you first have to send several patches.
Who can I contact to speak about technical details ?
Well, there are several people you may contact. Regarding GSoC itself, and all the procedures, you might contact our GSoC administrator: Ged Murphy. Regarding security in kernel mode, and more specifically Se* package, you might contact Eric Kohl, a dev who is working on it. Finally, if you want to discuss about the ReactOS kernel or whatever else but in French, don't hesitate to summon me ;-).
Regards, P. Schweitzer
Hi and welcome here Guillaume,
the background you bring with you here just sounds really promising. If you are interested in kernel security, you may also have a look to
the
KSecDD driver which also provides security components at kernel mode
level.
You can find some information in the paper the NIST wrote.
Ok I found it, seems very interesting, I'm going to take a look at.
When sending your application for GSoC, you can either choose a subject
from
the ReactOS Foundation and purpose a new one. At that time, feel free to
do so.
Just ensure your project is "realistic" and that someone may mentor it.
Actually, I'm interested on 'Security Controls' idea from your GSoC idea page. I want to focus on it and write a strong proposal, that's why I want to talk about technical details.
The best way to ensure that is to join us on ReactOS IRC channel (#reactos // #reactos-dev) on Freenode to discuss that point.
Yes, my nickname is Taron__ :)
Who can I contact to speak about technical details ? Well, there are several people you may contact. Regarding GSoC itself,
and
all the procedures, you might contact our GSoC administrator: Ged
Murphy.
Regarding security in kernel mode, and more specifically Se* package,
you
might contact Eric Kohl, a dev who is working on it.
One of your developers sent my address to him, I'm waiting for his anwser now :)
Finally, if you want to discuss about the ReactOS kernel or whatever
else
but in French, don't hesitate to summon me ;-).
Great ^^
Thank you
Hi Guillaume,
I gathered from your overview that you're interested in working exclusively on the executive component in the kernel, otherwise known as the Security Reference Monitor (SRM). Is that correct or do you also want to work on user accounts?
Assuming so, do you plan on working on a specific area within this or working on the component as a whole? As you've probably seen, it has basic functionality, but some areas are either incomplete or missing entirely. A good example of this is the LSA stuff, I think Eric is working on this area, but he seems to be concentrating on the usermode side of things so maybe this would work out well.
Regarding your questions: - to propose your project you should fill out an application form which is available via the GSoC website under our organization link. We can help you with filing this out if required. - It's not an obligation to provide patches when applying for a student position, although it would very much go in your favour if you did as it would allow us to confirm the skills you suggest. - You can use this mailing list to speak about technical details, you have the best coverage here. Alternatively if you wanted a more private discussion, you could email myself or Aleksey Bragin
You can find more information here : http://www.reactos.org/wiki/People_of_ReactOS
Regards, Ged Murphy.
-----Original Message----- From: ros-dev-bounces@reactos.org [mailto:ros-dev-bounces@reactos.org] On Behalf Of Guillaume Touron Sent: 20 March 2011 22:18 To: ros-dev@reactos.org Subject: [ros-dev] 'Security Controls' GSoC Idea
Hello RoS developers,
I introduce myself. I'm Guillaume Touron, I'm a French engineering student at National School of Computer Science and Applied Mathematics with specialization in information systems and security. Apart from my studies I am interested in OS development, Windows internals and application security (vulnerabilities, reverse engineering, rootkits...). I read a lot about how Windows internals work (kernel data structures...) and Windows security. I have also some experience in NT driver development and kernel debugger (WinDBG).
For many months now, I study RoS source code, and especially ntoskrnl source. This includes object manager, i/o manager, security layer, traps/exceptions management... I checkouted source code and installed RoS build environment and I'm ready to begin development. I also took a look at Se* kernel exported APIs, and tried to understand how security checks were performed. That's why I'm interested in RoS GSoC Idea 'Security Controls'. Indeed, implementing this feature would be a good start to add multiuser experience in RoS which is currently missing, and to manage efficiently users and groups. I think I know what is needed to complete this project successfully and I'm ready to write a detailed presentation/proposal to explain what I understand and what would be my goals. I also did GSoC 2010 last year for Honeynet Project on network security area, but I'm more interested in kernel development.
Finally, few questions : What should I do to propose in a formal way my proposal to RoS community ? Is it an obligation to have already send some patches or can we begin development as a new contributor ? Who can I contact to speak about technical details ?
Thank you very much.
_______________________________________________ Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
Hi Guillaume,
Hello
I gathered from your overview that you're interested in working
exclusively
on the executive component in the kernel, otherwise known as the
Security
Reference Monitor (SRM). Is that correct or do you also want to work on user accounts?
By reading the entry 'Security Controls' at: http://www.reactos.org/wiki/Google_Summer_of_Code_2011_Ideas#Security_Contro... I assume that some implementation is missing in SRM for multiuser support, am I right ? Then, I do not know what working on user accounts apply exactly, that's why I would like to talk with developers who worked on this area in order to get a better overview.
Assuming so, do you plan on working on a specific area within this or working on the component as a whole? As you've probably seen, it has basic functionality, but some areas are either incomplete or missing entirely.
Again I think it depends on what is actually missing in RoS for multiuser security controls. I can talk about it with others developers.
Regarding your questions:
- to propose your project you should fill out an application form which
is
available via the GSoC website under our organization link. We can help
you
with filing this out if required.
Ok.
- It's not an obligation to provide patches when applying for a student
position, although it would very much go in your favour if you did as it would allow us to confirm the skills you suggest.
Are there specific bugs I could try to fix ?
- You can use this mailing list to speak about technical details, you
have
the best coverage here. Alternatively if you wanted a more private discussion, you could email myself or Aleksey Bragin
You can find more information here : http://www.reactos.org/wiki/People_of_ReactOS
Regards, Ged Murphy.
Thank you very much!
The Security Control idea was intentionally broad because ROS is missing quite a few things with respect to security. It can be used as a basis for "I want to work on OS security in ROS" but you will need to refine which part of OS security in your proposal. Ged seems to be pointing you in the right direction though based on your stated interests.
On Mon, Mar 21, 2011 at 5:45 AM, Guillaume Touron < guillaume.touron@ensimag.fr> wrote:
Hi Guillaume,
Hello
I gathered from your overview that you're interested in working
exclusively
on the executive component in the kernel, otherwise known as the
Security
Reference Monitor (SRM). Is that correct or do you also want to work on user accounts?
By reading the entry 'Security Controls' at:
http://www.reactos.org/wiki/Google_Summer_of_Code_2011_Ideas#Security_Contro... I assume that some implementation is missing in SRM for multiuser support, am I right ? Then, I do not know what working on user accounts apply exactly, that's why I would like to talk with developers who worked on this area in order to get a better overview.
Assuming so, do you plan on working on a specific area within this or working on the component as a whole? As you've probably seen, it has basic functionality, but some areas are either incomplete or missing entirely.
Again I think it depends on what is actually missing in RoS for multiuser security controls. I can talk about it with others developers.
Regarding your questions:
- to propose your project you should fill out an application form which
is
available via the GSoC website under our organization link. We can help
you
with filing this out if required.
Ok.
- It's not an obligation to provide patches when applying for a student
position, although it would very much go in your favour if you did as it would allow us to confirm the skills you suggest.
Are there specific bugs I could try to fix ?
- You can use this mailing list to speak about technical details, you
have
the best coverage here. Alternatively if you wanted a more private discussion, you could email myself or Aleksey Bragin
You can find more information here : http://www.reactos.org/wiki/People_of_ReactOS
Regards, Ged Murphy.
Thank you very much!
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
- It's not an obligation to provide patches when applying for a student
position, although it would very much go in your favour if you did as it would allow us to confirm the skills you suggest.
Are there specific bugs I could try to fix ?
There's plenty of bugs in our bugzilla. http://www.reactos.org/bugzilla
If you have a play around with the OS and pop into IRC for a chat with the team, you'll soon get a feel for needs to be done.
Ged.
When I saw RoS source code, there was some implementation for SRM (SeAccessCheck & co). Actually, my first idea was to looking for what is missing in this executive component for multiuser purpose. The best for me would be to know what exactly is not implemented yet. I talked with GedMurphy on IRC and he helped a lot. According to him, a standard implementation already exists. But it needs to be improved a lot before being multiuser capable. I will take a deep look at existing implementation on RoS, and compare it to different sources as GedMurphy suggested to me.
Apart the executive component, what other components should be improved ?
Thank you
Just to clarify, I think most of the work in the SRM to support multiple users is already in place. This isn't to say that the SRM is complete, it isn't. It's mostly just token handling and security descriptors which are implemented at the moment. We still need support for ACLs and access state.
The current code needs an overhaul to bring it up to the standard of the rest of the kernel.
Ged.
(SeAccessCheck & co). Actually, my first idea was to looking for what is missing in this executive component for multiuser purpose. The best for me would be to know what exactly is not implemented yet. I talked with GedMurphy on IRC and he helped a lot. According to him, a standard implementation already exists. But it needs to be improved a lot before being multiuser capable. I will take a deep look at existing implementation on RoS, and compare it to different sources as GedMurphy suggested to me.
Apart the executive component, what other components should be improved ?
Thank you
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
You can find more information here :
http://www.reactos.org/wiki/People_of_ReactOS
Apologies, that link should have been http://www.reactos.org/wiki/Google_Summer_of_Code_2011
-
Ged Murphy -
Guillaume Touron -
Pierre Schweitzer -
Zachary Gorden