[nycbug-talk] BSDCan ike-notes - SMPng, TrustedBSD AuditLogging

[Isaac Levy]

More BSDCan ike-notes,

Robert Watson gave 2 great presentations, one on SMPng, the FreeBSD 
Network Stack, where he discussed the accomplishments and current 
challenges for improving SMP on FreeBSD at a low level.  Watson, and 
the folks working on SMP, REALLY have their work cut out for them here- 
and their general direction is really solid.  For me, it was cool to 
see dev. details for things I rarely think about- because they just 
work :)
His second lecture, "TrustedBSD Audit: BSM Security Event Logging for 
FreeBSD", was REALLY eye-opening.  Basically, this work revolves around 
creating hooks in the kernel which allow for total event logging for 
system activities.  Every time a file is touched, a process started, 
etc...
2 historical notes struck me, first being this was implemented long ago 
in SunOS, according to US military specifications.  Second, that Apple 
hired McAffe Research, (where Robert Watson works), to impliment this 
work in Darwin 8, (OSX Tiger), for use with Spotlight! (was anyone but 
me wondering how this worked?).  Apple was convinced to release the 
code under a BSD (*not* APSL) license, and this TrustedBSD project code 
is to be merged into FreeBSD 6.0.  Now THAT's cool, and a great example 
of how Apple is contributing back to the Open Source community!!! (Too 
bad apple marketing doesn't talk about low-level open source dev :)
More info:
http://www.trustedbsd.org/


Rocket-
.ike