---
title: WWDC2003 Session 622
framework: wwdc
role: article
path: wwdc/wwdc2003-622
---

# WWDC2003 Session 622

## Transcript

Good morning. Welcome to our session. Today we're going to be talking about, well, network security best practices for OS X. Before we get going, I just want to do a little housekeeping and introduce my co-presenters, so rather than you having to hear me for an hour drone on about OS X, I have some cast members over here, and I'll introduce them in order of appearance, because I don't think we do that on the slides. First to come up will be David O'Rourke. Dave is one of our engineering managers, and David's responsible for directory services and authentication within OS X. After Dave we'll have John Hurley. John is our security, excuse me, security policy architect for OS X, and John just recently became a famous Apple employee. He does know I'm going to do this. John is actually the only Apple employee, I think, ever to get his picture in the OS. I don't think Steve has even been able to do this. If you poke around you might be able to find it later. Maybe we'll have a prize for whoever can find John by the end of this session. And then finally Sean Geddes will be joining us at the end for batting cleanup. Sean is a system engineer for our federal group, and Sean is also the chairman of stas, the secure trusted operating system consortium. OK, flip laws out there.

Okay, so I think the best way to frame this discussion today is to just admit that you're all intelligent people and you know your networks better than anybody else, and they're all very different. Some are standalone networks that don't require any passwords at all, some have light security requirements, others are very heavy: globally dispersed, VPN access, Kerberos requirements for authentication. So rather than to tell you this is the way to plug it into this particular network, we're going to let you make that decision yourself and let us arm you with the information, rather to give you the tools, let you know what's in OS X, so you go back and make the right decisions for your own network. So when we talk about
network security at Apple, this is the definition we work from here. There's many varied definitions out there also. If you look at, you do a little web research on network security, you'll find all kinds of varied things: different policies, waste of your policies, all the way down to how to secure your firewall. So this is what we're going to work with today. So the focus at Apple first is really communication and data security. For us it's about not just storage of your information, keeping that secure, but rather how it traverses the network too. So the data is what we're really trying to secure, and how do we do that? First we control access to it, to system and services, through authentication and authorization, and then finally the management of that access, okay, which is very important.

So our design philosophy: it's really put it in at the core. Let's not put it on later on, let's build it right in. OS X was a brand new operating system and allowed us to really take a look at it, and our security policy architect John was very instrumental in that. We took the conservative approach. This, surprisingly, is fairly new; most folks didn't lock down the fort. So we'll get into more of this later, but a lot of new installs of some very famous operating systems that I won't mention here are quite open to exploits right out of the box. The OS: open source, so everybody here can look at the code, make sure it's secure, there's no back doors; that can be verified. Open standards: why are they good? We'll get into that later as well. And of course the Apple trademark: easy to use and manage. If security is not easy it just won't be used. People just turn it off, and that's no good, so you've got to make it easy to use.

So like I said, security at the core of the OS. At the core is UNIX, so we leverage the UNIX core that's already in there with the file permissions. The services are built right in. Your home directories and file permissions are all set to segregate your information from other users. Multiple accounts is
built right in, and protected memory, so if a rogue app gets ahold of the system it's not going to crash it by taking over the memory. Like I said, security, excuse me, conservative default: services are off by default. No FTP servers, web server is off, all ports are closed, it's locked down. The root account is disabled. Like I said, we close the ports, and also we turn off telnet. Telnet is insecure, basically, and we have opted for SSH. You can turn on telnet, but it's not that easy to do; we don't want you doing it by accident.

So what is true security? A famous quote here from Bruce. What I believe Bruce is trying to tell us is that physical security is paramount. The basis for all security is physical security. Once that's compromised, once we get hold of your machine, it's all over. You may have the best encryption on there in the world, but if I hit it with a sledgehammer, there goes your data. So let's talk about the physical security within OS X, and also there's some enhancements OS X has for physical security, and Apple's security built into its products. Of course you can lock the cases so they don't get removed. Apple has a lot of experience in the education market, and things tend to disappear from universities. Maybe the kids are just borrowing them, I don't know. Once you lock it you can protect the memory, protect all the critical components of that computer, and it protects the firmware settings, which we'll talk about in just a second. And then Xserve's got a lot of neat security features. If the front of the case is locked you can't mount a FireWire hard drive, you can't mount USB. Also there's a monitoring system in it, so if the case becomes open it can alert you to that.

So, Open Firmware security. Just by a show of hands, I can kind of see you out there, does anybody know about Open Firmware security? Oh great, a bunch of you. So I can't say enough about this. This really enhances physical security. So for those of you who don't know, it's analogous to
the Windows BIOS password lock. Analogous, but it disables the snag keys from startup. So if I turn on Open Firmware security, which is a free download from apple.com, you can't boot off of a CD, you can't boot up off of a network drive, it won't even mount, it won't turn into target mode, which can be kind of a security problem; the thing just turns into a FireWire hard drive. It's laughter up front. Yeah, by the way, sit down there. It's a superset of IEEE 1275, and a little trivia: IEEE 1275 is the only standard to have its own song. I don't know if you knew that. You go to the website, you can listen to it.

So the security services within OS X, like I said before: authorization, authentication, we have the crypto built in, and the certificate handling. John will jump into that in a lot of depth and give you a good understanding of that, but that's really the core, the wrapper if you will, around the UNIX core. So authorization controls: once I figure out who that user is, what can I let them do within the system? We've got a couple of nifty little apps built into server and the desktop itself that some may or may not be familiar with, but you can limit what the users can do. As you know, our OS has, you have an admin and you have a user if you will, but you can tweak the control to limit really what's going on within that OS, and we'll go into that as well. So as you can see here, just for a user, this is just local, and Dave will get into more of the global, more scalable authentication, or choosing authorization and authentication, but you can see you can limit what the user does. So in a very small shop this is a great way to keep people from hacking their machines or the network themselves, so you don't have to go back and redo what they've done, repair the damage. So now bring up Dave.

Thank you, sure. For those of you who haven't seen me too much this conference, my name is David O'Rourke. I'm going to be here to briefly go over authentication and directory services. We went into a lot more detail on
these topics in session 607 and 610. If you didn't have an opportunity to catch me, I'd recommend you get the developer DVDs. We go into a lot of excellent detail, and we're going to be going over things that are pretty high level at this point.

So, authentication services. Most, if you type a password into Mac OS X, 99 times out of 100 it will flow all the way down and hit directory services. So all password authentication is done using the Open Directory architecture. The reason we do that is, not only does Apple want to provide a variety of ways for users' passwords to be authenticated, but we also want you to be able to plug into the Open Directory architecture and authenticate users however you see fit for your site. So it's both the solution for Apple and an opportunity for developers and customers. What Apple provides in terms of network-based authentication is we provide a password server, which provides support for legacy authentication protocols. This is secure on the network; you cannot download hashes. The only authentication methods it supports are secure challenge-response authentication. And as you may have heard at the conference once or twice, we're offering and really going forward with Kerberos. So moving forward, we take authentication services on the network very seriously. We're integrating them into Open Directory. We already offer some very credible network security around the password server immigrants, and we're moving aggressively into the Kerberos space for enterprise architecture.

Again, Open Directory enables integration with existing directory services. We support LDAP, we support NIS, or Yellow Pages for those of you who have been around quite a while, NetInfo, Active Directory and local BSD configuration files. The Open Directory server is an LDAP server that offers us a self support, is based on OpenLDAP 2.18 currently, is what you have on your Panther build. We'll be investigating updating to the latest builds; I've heard there's some later builds of
OpenLDAP. We have a very easy to use open setup assistant, like three clicks to deploy an LDAP server, and it's entirely based on OpenLDAP. You can download the source, you can look at it. We have some changes; all of the changes we've posted back to the Darwin website.

For those of you who didn't get a chance to go to session 16, this is the Open Directory architecture. The blue boxes at the bottom would represent applications such as login window, or maybe the authentication dialog that comes up when you click on the lock icon in System Preferences. Most of the time those end up calling the Open Directory APIs. The Open Directory APIs figure out which plug-in is hosting that user record, and then we engage with whatever directory system has been configured to conduct an authentication. Our authentication is no better or no worse than the directory system that you deploy at your site. If you're comfortable with the directory system that you've deployed at your site, the authentication method using Open Directory is exactly as secure as that deployment. If your directory system is not secure, Open Directory cannot add security to that environment.

So you can have a mix of clients. You can have Macintoshes on the network sharing directory data. You can distribute the directories and force the Macintoshes to use a particular directory system through your DHCP infrastructure. LDAP can be there. We have the authentication authority record, which lets you actually mix user records in the directory, so you could have some users with the crypt base, you could have some users password server based, and you could have some users sort of Kerberos based. The authentication authority lets you pick the appropriate security for your user records at your site. And home directories can be mounted over authenticated protocols. We already support AFP authenticated home directories, we support SMB, in Panther, SMB home directories, so you're not mounting home directories over NFS, which I've heard
historically may have some security concerns.

The Open Directory authentication is entirely standards-based. The password server is not something we built from scratch; it is something we built from scratch around an open source protocol, and that protocol is SASL. SASL is very secure. It doesn't support clear text authentication; well, it can, but we've removed it. It's modular, and you can add new authentication methods such as server without a lot of effort. The password server also provides policy enforcement. How many of you have policy enforcement at your site? You want the users to change every 30 days minimum, minimum password length, character set enforcement, must contain a symbol? Wow, for a security conference I want to see more hands. So you need to deploy the Open Directory password server. We can do all of those security enforcements and make sure that the passwords your users are choosing are not guessable, have high quality, and are changed frequently enough to matter. The password server will also disable inactive accounts. Say you have a contractor on site and he hasn't logged on in the past three weeks, and you don't want them coming back and logging on without checking with you first. You can set up the password server to disable inactive accounts that haven't logged on recently.

The password server also provides one very unique feature, which is you have the same password for multiple services. If you deploy multiple Mac OS X servers or other servers and point them at our LDAP server with password server, you get one password for all of your services. You get the same password for IMAP as you get for AFP as you get for SMB. They don't even have to be deployed on the same physical server. So that means the password quality that you're enforcing in one protocol carries over to the other protocols. That means when the account is disabled, it's disabled for all of these protocols.

Kerberos: how many people have Kerberos deployed at their site? Yes, we are
going with Kerberos in a very big way. Kerberos, I believe, stands for the three-headed dog that guards the gates of hell. I thought that was a very interesting choice by the original Kerberos team as their product. We are basing all of our Kerberos work on MIT Kerberos work. We simply take the MIT source code, enhance it, and integrate it with our work. This is going to be Apple's single sign-on strategy moving forward. Next year you're going to hear even more about Kerberos. We're aggressively Kerberizing a lot of applications. We already provide Mail, there's the third party products for Fetch for Kerberos FTP, telnet is Kerberized although we turn it off, AFP is Kerberized, and in Panther SMB is Kerberized. And what's not on this list is Panther is going to have Kerberized SSH. So look for more Kerberized protocols from Apple. Look for a Kerberos server in Panther Server. You will be able to deploy a Kerberos server with the same amount of clicks as it takes to deploy an LDAP server, because you won't have a choice: if you turn on the LDAP server, you have also deployed a Kerberos server.

Workgroup Manager: how many of you use managed desktop? Okay. For those of you who already use it, you recognize that you can put all of your policy management information in the directory, so you can have your LDAP directory host your Dock preferences, your security preferences. Well, the tool that you use to modify those preferences and force your users into those architectures is Workgroup Manager. Workgroup Manager allows you to manage groups, users and computers. You can enforce privileges per computer, you can enforce privileges per workgroup, and you can enforce privileges per user. It controls access to software, hardware and network resources, so I can control which applications a user can and can't run. Many K-12 sites disable the students launching Terminal. If they can't run Terminal they can't run command line tools. It kind of limits their ability to hack around
in the system. You can manage system preferences, you can manage which system preferences the user can do, you can force Energy Saver settings, all kinds of things. There's a whole session on the details of managed desktop; I recommend you look at it. But Workgroup Manager is our directory-based tool that lets you do that, and because Workgroup Manager is based on Open Directory, you can put those preferences into any directory system that you've deployed. We store it in our LDAPv3 server, but if you configure OpenLDAP, or configure your Open Directory to point at a different directory server, you can use Workgroup Manager to get the Mac OS X policy information into the directory server of your choice. We have one customer we're working with who's writing a plug-in for Open Directory to Oracle. He's going to make the plug-in read/write. He's then going to use Workgroup Manager to just shove policy information into his Oracle database to manage his desktops. So what I'd like to do at this time is bring up John Hurley to talk about security services, and I thank you for your time. [Applause]

Great, thanks Dave. As Eric mentioned, I'm John Hurley, the security policy architect, and I'll go over, actually at a pretty high level, some of the different security pieces that we have, sort of the lower level of the OS. We have had a couple of sessions already, one on Monday on security overview, and another session I think yesterday on certificate APIs. We have a feedback forum this afternoon, so just a few other pointers.

So kind of the core of, I guess it's really our middle layer of security, is the Common Data Security Architecture, and this is an Open Group standard that was originally developed by Intel that we actually used on OS 9 and have continued to use in OS X. We've implemented the 2.1 version of the spec, and this is responsible for doing all the cryptography, the certificates, things like that. So that's a very important building block for the security on our system. Rather than just taking this one set
of APIs and just sort of pushing that out as a very extensive set of APIs, we've added another layer on top of that we call layered services, to try and make it easy for developers to use these services without having to know all the gory details down below. So for example, keychain is all built kind of on top of this higher level. A lot of things that you may not think about, say for example Safari, that is calling through to Secure Transport, which calls through to CDSA, and so if you're changing things in the certificate root cert database down below, that's going to be used by Safari, it's going to be used by anybody else that's using those APIs. So we're really encouraging developers to use those APIs so that they can get the consistent experience for their users. It is a very, very customizable API. You can write different modules to do different things, for example different security trust policies for certificates. Perry went into pretty good detail of that; you can check that out on the DVDs. We have done almost everything, everything that's in there that's not UI is open source, so if you want to see how we did something, say the authorization framework, or how we did Secure Transport, that stuff is available in the Darwin repository.

So here's kind of a simplified overview of how CDSA is put together, and you can see the different layers that we have there. The bottom layer are the plug-in modules. Cryptographic service providers, excuse me, they implement all the different cryptography algorithms: AES, Triple DES, things like that, hashes like SHA-1 and MD5. The certificate library and trust policy module deal with managing and dealing with certificates. So the certificates that we support on OS X are the X.509 certificates, but it would be possible to write the certificate library to support other kinds of certificates. The trust policy module has a bunch of different policies in there, and we have really good support in
Panther now, including UI panels for letting the user manage the trust on a particular certificate and picking the policies that a certificate or an identity is going to be used for. The data store library is a place where you can store cryptographic information, or actually other information; it's pretty much just the database portion of CDSA. The keychains that you're probably familiar with are actually a combination CSP and DL module combined together, so that it knows how to retrieve encrypted information and store encrypted information. The layer above that, the CSSM layer, that is roughly analogous to CryptoAPI on the Windows side, but one of the big differences, as I mentioned, is we have this layered services layer that makes it a lot easier for people to get into it. You can pretty easily do things like, for example, the keychain APIs. At the low level, I don't know, there are probably 20 or 25 keychain APIs, but what most developers end up using, if you're not a security-intensive application, you're going to end up using find generic password, add generic password, expensive. You don't have to worry about any of the details down below, where this stuff's getting stored, how it's encrypted, presenting UI to the users. All that stuff is built in.

Up at the top layer you can see some of the different applications on the system that are using these services, either directly or through some of the system frameworks that we have built in. So for example Disk Copy: when you create an encrypted Disk Copy image, that is calling through these APIs. Mail uses it to store your passwords, Keychain Access of course, Safari uses it for not only passwords but also certificate support.

So here's just one example of the certificate UI, kind of a portion of a screenshot there, but we have put in really good support on Panther for dealing with certificates, and it's something that I'm really happy with. We did the best we could for Jaguar; we
tried to get like, you know, a useful subset, but it's just very, very difficult to implement this full standard and really get it working the way that Mac users expect, you know, just very, very easy to use. We also wanted to make it very, very easy for developers, because we knew what a pain in the neck it was to have to deal, you know, to write this screen and looking up a zillion different fields and trying to figure out what the standard said about how they should be presented or what the values were. We just didn't want people to have to go through that same pain, so we tried to make it available, and I think we did a really nice job in Panther with that.

We have support for a lot of different certificate formats. So for example PEM format certificates: if you take a .cer from another platform, you can double click on it and it'll be imported into your keychain. We can handle simple PKCS12 formats, so that for example if you have an identity that you got from VeriSign or someplace like that, you can import that into the keychain. It doesn't support things like nested, you know, multiply nested PKCS12 files, but you probably won't run into those. We also have added support for CRLs, and we have a really nice UI for dealing with user management of trust settings. So you can say, okay, for this particular certificate that I have, I only want to trust it for SSL transactions, you know, use on a web page, or you can say no, I want to be able to send signed and encrypted email with the certificate. So the user can choose those kind of things, or they can say things like, don't ever trust this certificate, I just know that it's bad. It might say that it's good, whatever, just don't trust it.

This is kind of a brief list of things that I mentioned that are supported in the CSP. So we really try and use AES because that is the officially supported standard by NIST. It's kind of actually amazing to me to see just very large companies somehow saying, well yeah,
definitely by next year we'll have that AES thing nailed, you know, and I'm thinking, gosh, we did this whole thing like the week it wasn't even finalized yet, we already had AES in there. But anyway, we do support things like trick DES and Triple DES, because those are still around. Different types of keys: we support DSA and RSA public keys.

Okay, so I mentioned briefly before that Disk Copy uses the CDSA framework and the algorithms in there. These encrypted Disk Copy images are a really, really cool feature. If you don't actually only have, how many people know about encrypted Disk Copy images? Okay, good. For anybody that didn't raise their hand, you've got to learn about it. It's a very, very cool thing. We've made it easier in Panther for users to use it, and in some cases kind of made it transparent. Like for example FileVault: underneath that, it's using an encrypted image. Even if you're not using that, you can create them from the command line or using Disk Utility. It's moved from the Disk Copy application into Disk Utility on Panther. But these images, they can be grown, you can make them pretty small. I have one on, I think I have, you know, one of these little devices here. This one actually has a fingerprint reader on it, so I have true three-factor authentication on this: something I have, something I know, which is the password to the encrypted image that's stored on here, and something I am, which is my fingerprint. So this is cool. You can put in your PGP keys, you can put in a copy of your keychain, I don't know, it's just very useful. The other thing to note about it is that they're very high performance. I mean, you can imagine all the things that it depends on, but just on a particular test system we had set up, it took like about ten percent over the CPU, or sorry, ten percent over the disk speed overhead. So it's just a little bit; it was almost free, but not quite. So hopefully we'll get there at some point, make it totally free.
Just a screenshot: it's pretty much the same as making any other encrypted, or any other disk image, except that there's one pop-up menu that allows you to choose the encryption method. Currently we just support one encryption method, which is AES, but it is built on top of CDSA, so we could support different algorithms at some point.

Okay, I'm going to go quickly through Keychain Access. Keychain has been in the OS since actually 8.6, so at this point I would imagine people are kind of familiar with it. Every user on 10, since 10.0, has had a keychain by default, and it's unlocked when you log in. One change that we've made going to Panther is that now a new user that is created will have a login keychain, as opposed to just the default keychain. Like before, if my account was John, my default keychain would also be named John; now it is named login keychain. That allowed us to help determine which keychain people were really, really using for their login keychain. It also made it easier for people to make a second keychain in case they didn't want to have one unlocked by default. It is a network-safe format, so it's okay to put your passwords and whatever into that file. It can sit out on a network server. We're really pretty confident about the integrity of that file, so even if it is left out somewhere, it's unlikely to be able to be attacked. Internally we use it for all kinds of things. As I said, we have passwords in Safari that are stored there, and we've encouraged anybody inside Apple that's storing a password to store it inside the keychain and not put it somewhere else, and that gives kind of a consistent user experience, and it also means that they don't have to try and write their own special setup.

A couple of things that you might not know about your keychain settings; these are good things to do. If you go into Keychain Access, you can set a timeout on unlock, because by default
your login keychain just stays unlocked for the entire time that you're logged in, so you can set that to be five minutes, whatever. You can also set it so that it locks when it sleeps. If people have been using that feature on Jaguar, it didn't work quite the way we wanted to with closing the PowerBook and going to sleep, so that has been fixed in a nice way, and it does the right thing when you close it. Like for example it will forget the credentials for your encrypted Disk Copy images, so when you open the thing back up again, it's going to prompt you again, and if it doesn't get either the keychain password or the disk image password, it's going to unmount the disk. So that's just the behavior you want on a portable device.

Okay, if you're in the federal space, you might be aware that we had released a product called the Federal Smart Card Package, I think in January or February, and it was available just as a, I think, $49 product on the federal web store. The interesting thing is that we've rolled that functionality into Panther. It's not going to be of interest to you unless you're actually in a branch of the federal government that uses Common Access Cards, but the thing that's sort of generally worth noting is that we have put this in, we've done changes to, for example, screen saver, login window, things like that, so that they can be used with alternate authentication methods. So there are other companies that have come out with this type of functionality, and it's worth looking at that too. I know CRYPTOCard has announced things, ActivCard, Sony has come out with a fingerprint reader. So all these things are leveraged on top of the authorization API.

Okay, so at this point I want to bring back up Eric. I want to introduce him too, because he forgot to say who the heck he is, but he is the, what are you, prepared ready product marketing manager?

Security product marketing manager for OS X.

There you go.

Thank you. Doesn't like I'm gonna go. Thanks. So I saved the cool
stuff for myself when putting this together. So we didn't talk a lot about what's in Panther right now, and I'm going to go through some of those things, some of those nifty features, right now. As you can see here, under your Internet Connect dialog we now have VPN support for L2TP over IPsec, yay, and that's in client and server. Yeah, pretty excited about that. Also, we'll go in a little deeper about what we've done for 802.1X, so we also support that as well, for wired and wireless networks, which is great. So a very simple to use screen for the user to put in their settings, not a lot of difficulty there. Also multiple configurations support, so this is great, kind of excited about this. So if you're moving around from network to network, or you're traveling, you can just set up "I'm at home", "I'm at the office", and however you need to connect from that point. So we support that as well, and that's also in VPN and 802.1X.

Now you're probably familiar with the built-in firewall, but for those of you who are not, I wanted to mention it. We have a built-in firewall based on ipfw. Quite simple to use, and for your users, as they enable services, the ports automatically open within the firewall themselves, or you can customize it further for other well-known services that you'll see there, Apple Remote Desktop and what have you, or things that aren't listed. So we give you full customization of the firewall. And also within the OS, transport security: a lot of this drops down to the CDSA layer and makes calls from that point, but of course we support OpenSSL, TLS and all the variants of that, and then of course OpenSSH is built into the system.

So that kind of ends a lot of the features that are in the OS around security. We also are very concerned about holes that pop up, because let's face it, they do, they do arise. So we try to keep you as users informed about this. We also work with CERT and FIRST to receive and distribute information. We have a mailing list that you can get hooked up to,
so if any alerts come out you can get those sent to you, so you don't have to actively check yourself. In addition, we have an email address, that's what the thing is, that you can report security holes that you may find, and we actually do take them quite seriously, and we research every one we get. And then also updates to the systems: if there are any security holes or vulnerabilities that pop up, we can update those quite easily with security updates right within the system.

So just to summarize some of the recommendations we have here today: controlling physical access is huge, that's paramount. I completely recommend using open password security, and it looks like a lot of you guys do here. You know, use the home directories, and as you know now, FileVault is there and you can just click a setting and your users will be secured. They'll use the built-in firewall. Why not? It's there, it's free, what the heck. Only turn on the services that you need, that's a no-brainer. And don't make everybody an administrator unless you have to. So I'm going to bring up Sean Geddes. Sean's going to talk about the current and future initiatives in OS X and some of the neat work we're doing around

[Applause]

So I brought all my authentication devices because I was afraid I wouldn't be able to get in here. The area of security within government: many folks may initially think, that's just government, doesn't affect me. But I think all of you, don't you all pay taxes? I'll pay. Somehow you're all impacted by what our government does. What we want to do is share a little bit related to the OS, related to efforts that Apple's doing and external entities are doing related to our product. So within not only our government but within governments literally around the world, there's the need to evaluate, to provide assurance that the product truly is providing those secure services, right? Where we're leveraging a lot of open source, how does Apple, or how do others, ensure to you, the customer, to integrators, to others, that that
product is providing that true security out of the box, and with some of the recommendations that Eric and John and Dave had mentioned a little bit earlier? So Common Criteria, widely known also as ISO 15408 for those of you kind of in the other part of the world, this is to address just that: how do you evaluate, how do you put a level playing field, so to speak, on evaluating the security of the products? Just to hit on some of these, it's really to address issues in the market: international computer market trends, evaluation, or evolution, of adaptation of earlier criteria. If you saw the chain of events of TCSEC and other products, other documents, other government agencies that have involved themselves in making this a ubiquitous or globally recognized approach, all of this feeds into providing a much larger world view of how to look at products with respect to security.

So with Common Criteria, with Apple, first of all I want to give a couple points to let you know really what this is doing. First of all, it's an independent certified lab that's looking at OS X, OS X Server, to validate vendor claims, validate what Apple is claiming about the product itself, so the feature set and the capabilities. Again, I had mentioned about being globally accepted, ISO 15408. But what is Apple's target? What are we doing with respect to Mac OS X and Mac OS X Server? We are shooting for pretty much kind of the standard for all operating systems, and that's the Controlled Access Protection Profile. The profile is really what the functional requirements of the OS are: what are those features, what's really in the product itself. The reference at the end there is really for the assurance level: how sure are you, or how sure can the independent lab provide to you, that indeed that claim, that functional feature, is, again, tested, or it truly is there. And again, a level 3 goes through a methodically tested and checked process. There are multiple levels in this that get into a more granular kind of
providing evidence and all that, that, again, those features are indeed there. But I think, for you all, you want to know what value is it going to be to you, right? What is Apple's evaluation of OS X, OS X Server for Common Criteria, what value-add is that going to be for you? One of the key things is that, you know, we've talked a lot about that here at WWDC, the open source kernel. When you're dealing with the security of OS X and OS X Server, you're truly looking at all of the open source code, you're looking at the kernel, you're looking at all the security frameworks that have been mentioned. So you, from the developer standpoint, are now getting, for you, an independently certified open source under the framework for the operating system. Oops, going backwards. You always have to hit the right button. Come on. Okay. For developers, not only that, but you now have a secure foundation to build your solutions on as well. Much like I mentioned about securing a foundation for OS X, since Darwin is the open source, that could now be an embedded system for other solutions that you yourself are building as well.

So some of the things that we want to move into and share with you, from a perspective of what we're doing within the government space, or at least with the collaborative within that space. Kind of the second line there: security built in, not bolted on. I guess that's kind of our mantra within our space. There's so many products, so many vendors, that have solutions where security is an afterthought. You know, hopefully you have seen that Apple is doing this right from the start. But not only building things from the start, you have to have that evolution and carry that through with products. One of those approaches is, and I'll get into a little bit more of this later, the Secure Trusted OS Consortium Eric had mentioned. This is really an open, collaborative, community-based environment for enhancing the security of Darwin, right? Again, you're going to have this independently certified kernel and
security frameworks. You need some additional enhancements to keep up with the times, keep up with security innovation, and again that's the focus of STOSC, and we'll get into a little bit more about that in a bit.

Some other efforts that we do: we've done some work as well relating with DARPA. DARPA, the Defense Advanced Research Projects Agency, and an individual there is Doug Maughan, who has been heading up one of his projects. It's called CHATS, it's Composable High Assurance Trusted Systems. The reason that's important is, as I just mentioned, STOSC is focused on enhancing the security of Darwin; the focus of CHATS is to enhance the security of all open source operating systems. So we are kind of a spoke in that whole process.

One other thing is related to CRADAs. A CRADA, for those of you who don't know, is a Cooperative Research and Development Agreement, and what that does is allow two or more parties to work together in a very collaborative, very interactive way to share the technologies, to really get a little bit deeper into solutions without looking specifically at producing a product at the end of the month or at the, you know, the next quarter. It's real research-related, with experts involved.

John had mentioned the federal smart card integration that we talked about a little bit earlier. We did that specifically to address Department of Defense needs for the CAC card, which I've got a few of those here. This is yet another way that the government, and Apple being involved in this as well, is trying to provide another alternative for authentication by providing some mechanism for you, the user, within the OS. And finally, those of you who are familiar with NIST, the National Institute of Standards and Technology: there are many initiatives going on there that we're part of, that is key to impacting, again, not only government but guidelines and standards for rolling out enterprise and the businesses after that as well. Many groups will look to the guidelines there for providing that direction. So
let's look at just some of these in a little bit more detail. I mentioned a little bit about the Secure Trusted OS Consortium. This is a collaboration between the public, private and academic sectors, so there are university folks involved, there are industry folks involved, and there are government folks involved. Again, an open collaboration, all looking at the open source, addressing specific needs, working together on issues, maybe highlighting some areas that need work, and then going forth, kind of both with the passion and with the need within the organizations, to make that happen. It truly becomes a collaborative sandbox, because you're working through those issues, and this then becomes a staging area for OS X, right? Essentially what we're doing is we're enhancing the kernel, it rolls right into Darwin CVS, that becomes the foundation for OS X. So it truly becomes a staging area for Mac OS X.

I want to give you at least some idea, both from the high end and from the low end, of the type of thing that we address. One thing, kind of maybe from a more intense area, is actually evaluating the original snapshot of Darwin at the time against other efforts, you know, maybe even like SELinux or some of the other initiatives that have been funded and implemented in the past. Where does Darwin stand within that mix? You know, what's the level of effort to bring it up to speed, or up to kind of on par with those same solutions? So that was one of the efforts that had already gone on. There were some other ones that may seem pretty small, but they have a much bigger impact. That was even leveraging the CDSA architecture within even just one of the modules within Apache.

Well, what are we doing going forward? Some of those projects are security guidance documents. I know I've been talking to several folks here at the conference, and we don't yet provide any real documentation for: what do I do to really configure, kind of after I get out of the box and even after everything's shut down, what do I really get,
where do I go, where do I see kind of a document to tell me what to do to lock this down to some agreed level of security? So that's one of the efforts moving forward. That's kind of at the low end, and at the high end is kind of Nirvana, right? The ultimate goal is this true SE Darwin, so to speak, kind of on parallel with the SELinux approach. That's the STOSC effort.

I mentioned CRADA. Again, it's the Cooperative Research and Development Agreement. It's focused on security specifically, right? CRADAs can be anything. A CRADA can be just looking into any type of technology, solving a real-world problem. Here, let's first take a look at what it does immediately for Apple and a partner, if that's the situation, and then we'll look at how it impacts and affects you all as well. So first of all, when we're focusing on this, there's a big technology transfer, right? Apple does some awesome stuff internally with the security team, and within managing new projects, bringing in the open source community. But when you're really trying to address security as a whole, and holistically from all angles, you really need to reach out and exchange that technology, both intelligence, the expertise, and literally down to the code level, and that's where the technology transfer comes in. Sharing of expertise, ideas: it really is now enabling the partners to get further along than they would on their own. That's kind of a given, right? If two people are working on the problem, you're going to solve it much quicker. If you're both working pretty good and sharing your resources, you're going to get a problem solved sooner than if you're both working kind of in parallel on your own solution.

So the real important thing to you is: how is this, how is Apple's involvement in the CRADA, going to help you? Okay, first thing is that, much like I'd mentioned with STOSC, now you're getting the benefit of an enhanced foundation to build your solutions on, whether you build it
directly on OS X, OS X Server, or directly on Darwin with security frameworks, you're getting that as part of your development process literally for free, right? You're getting it as part of the solution from Apple. The same thing, technology transfer: you may not have that area of expertise, maybe in encrypted storage containers like the encrypted Disk Copy image, or public key, that may not be your expertise, but now you're getting that essentially for free from this effort. And the real key thing is that now you can focus more on your killer application that makes you more money, rather than focusing on trying to get and build in all that security from the start within your application. And the key thing is that we're all benefiting from this effort, right? It's not just Apple, it's not just a partner, we're all benefiting from all this effort.

John had mentioned about the smart card. DoD has pretty much led the way on this, and what I wanted to show is a couple highlights. One thing is, this is a multi-purpose ID. I think there are specifically about five very directed types of solutions that are being solved, or needs being solved, by the smart cards: the physical identification, the secure logging into systems, the signing and encrypting of mail, secure web access. And I think many of you have seen this in other sessions, but it's a multi-purpose card, right? Multiple functions. And I get tons of cards, so you can see that it goes beyond the need for just one. But again, the key thing, the reason I want to bring this out for you all, is that they already have issued 2.4 million of these just within DoD, and they're issuing 10,000 a day. That's a business opportunity, okay? This is where the money comes in for you all. Not only that, as things move forward the estimate is about another 1.3 million a year. I'm only referring at the moment to DoD. Then you have all of the other agencies within the federal government. Many of you probably should have seen areas even within
state, local governments are looking at types of solutions like this. Again, big opportunities for you. Those who also are in the area of biometrics: within the DoD space they're looking to incorporate that as well in with smart cards, so again, this is where you can start leveraging the technologies that are on the platform. On the right side you're seeing a little bit of the anticipated deployment numbers. Some of those are a little bit debated by various folks, but being upwards into 2005, possible deployment of up into the 16 million card range, again just within our space. Maybe at this point, I guess I need to bring back Mr. Hudson or get the whole team. So thank you very much for allowing me to share.

[Applause]

So this is going to be part of your pack when you get your DVD, so I just thought I'd put those on there for you as reference later on.
