Quixote/TSEM: A new security architecture and eco-system for Linux.

Dr. Greg greg at enjellic.com
Sat Feb 4 05:38:46 UTC 2023


Good evening, I hope the week has gone well for everyone.

On behalf of the Quixote team: Izzy the Golden Retriever, Maria, John
and myself; I am pleased to announce the initial release of the
Quixote/TSEM Trust Orchestration System.  We believe it uniquely
positions Linux to demonstrate a new approach to security and security
co-processor architectures.

Quixote/TSEM is based on the notion that, like all other physical
phenomena, the security state of a platform or workload can be
mathematically modeled.  The objective is to provide for Linux
security what Docker did for Linux namespace technology.

There are two major components to this architecture.

TSEM is the Trusted Security Event Modeling system.  It is a new Linux
Security Module implementation that, at a conceptual level, is a
blending of integrity measurement and mandatory access controls.  It
treats the LSM hooks as the basis set for a functional description of
the security state of a system.

Quixote is the userspace software stack that makes the TSEM LSM
useful.  It implements the concept of a Trust Orchestration System
(TOS).  A trust orchestration environment is designed to keep a
platform or workload in a known trust state.  It thus implements the
notion of prospective trust rather than the retrospective trust model
available with TPM based architectures.

A patch series implementing the TSEM LSM has been submitted to the
linux-security-module list for review and inclusion in the upstream
kernel.

The source code for the Quixote TOS and pre-compiled binaries for the
userspace tooling can be found at the following URL:

ftp://ftp.enjellic.com/pub/Quixote

The source release includes a selection of TMAs that include Xen, SGX
and micro-controller implementations.

The kernel patches include a documentation file that, we believe,
thoroughly discusses the rationale and implementation of the new
architecture.  To avoid further indemnifying my reputation for
loquaciousness in e-mail, I will defer interested parties to that
document for further discussion.  The document is also included in the
Quixote source code release for those who choose to download that.

In addition to initiating a discussion on a different approach to
security, we hope that this release keeps Casey Schaufler from turning
more blue than he already is.  Given that I had mentioned to him two
months ago that a new LSM would become available, "in a couple of
weeks", that may influence conversations on changes to the Linux LSM
architecture that are being discussed.  Such is the state of software
development.... :-)

I would be more than happy to field any additional questions that may
be forthcoming.

Best wishes for a pleasant weekend.

As always,
Dr. Greg

The Quixote Project - Flailing at the Travails of Cybersecurity


