my additions, Sue's comments and updated budget

SCCS-vsn: admin/admin/DARPA/BAA.security/B.t 1.2
SCCS-vsn: admin/admin/DARPA/BAA.security/C.t 1.2
SCCS-vsn: admin/admin/DARPA/BAA.security/D.t 1.2
SCCS-vsn: admin/admin/DARPA/BAA.security/F.t 1.3
SCCS-vsn: admin/admin/DARPA/BAA.security/V2B.t 1.2

diff --git a/usr/src/admin/admin/DARPA/BAA.security/B.t b/usr/src/admin/admin/DARPA/BAA.security/B.t
index 2fa90b4..a8d4536 100644 (file)
--- a/usr/src/admin/admin/DARPA/BAA.security/B.t
+++ b/usr/src/admin/admin/DARPA/BAA.security/B.t
@@ -1,4 +1,4 @@
-.\"     @(#)B.t        1.1     89/02/24
+.\"     @(#)B.t        1.2     89/02/24

 .LP
 \fB\s+4B. Summary of Innovation\fP\s-4
 .PP
 .LP
 \fB\s+4B. Summary of Innovation\fP\s-4
 .PP


@@ -9,8 +9,17 @@ in a stable and reliable implementation that solves current problems in
 operating systems research.
 The resulting system is widely used by other researchers in operating systems
 and network protocols and implementations.
 operating systems research.
 The resulting system is widely used by other researchers in operating systems
 and network protocols and implementations.

+.PP

 The network and authentication subsystems are the bases
 for the TCP/IP and login authentication systems of most networked UNIX systems.
 The network and authentication subsystems are the bases
 for the TCP/IP and login authentication systems of most networked UNIX systems.

+This project will augment the current weak authentication scheme
+with a true network authentication services.
+Remote login, process execution and local network services will
+be modified to use this service in such a way that the user interface
+will remain as it is, allowing use of network services without entering
+passwords at each use.
+User's passwords will no longer be passed through the network,
+even in encrypted form.

 The improvements that this project will make in those subsystems will be
 applicable to most research and commercial versions of UNIX.
 .PP
 The improvements that this project will make in those subsystems will be
 applicable to most research and commercial versions of UNIX.
 .PP

diff --git a/usr/src/admin/admin/DARPA/BAA.security/C.t b/usr/src/admin/admin/DARPA/BAA.security/C.t
index f60d7b5..829487b 100644 (file)
--- a/usr/src/admin/admin/DARPA/BAA.security/C.t
+++ b/usr/src/admin/admin/DARPA/BAA.security/C.t
@@ -1,15 +1,43 @@
-.\"     @(#)C.t        1.1     89/02/23
+.\"     @(#)C.t        1.2     89/02/24

 .LP
 \fB\s+4C. Deliverables\fP\s-4
 .PP
 We are planning to implement prototypes for each of these
 outlined areas of work over the period of this proposal.
 .LP
 \fB\s+4C. Deliverables\fP\s-4
 .PP
 We are planning to implement prototypes for each of these
 outlined areas of work over the period of this proposal.

-We will do an informal release
-to interested developers during the proposal period.
+.LP
+1.  We will do an informal (``alpha'') release of the system
+to interested developers after the first quarter of the proposal period.

 In particular, the informal release will be made available
 to the group at Mt Xinu that is producing a commercially
 In particular, the informal release will be made available
 to the group at Mt Xinu that is producing a commercially

-supported MACH release.
-After incorporating feedback and refinements from the testers,
+supported MACH release, as well as to collaborators on the OSI networking
+project.
+The alpha release will include
+.IP "   \(bu
+a shadow password facility that makes password guessing much more difficult
+.IP "   \(bu
+a network authentication system integrated into the standard system login
+and network servers
+.IP "   \(bu
+network protocols and applications that conform to the forthcoming
+Internet Host Requirements specification
+.LP
+2.  In addition to the informal tape-based release,
+much of the networking software can be made publically available
+via the Internet.
+The shadow password facility and the revised network protocols and
+servers will be made available in this way as they are completed.
+.LP
+3.  After incorporating feedback and refinements from the testers,

 another release will be made to interested parties
 at the end of the proposal period.
 another release will be made to interested parties
 at the end of the proposal period.

+This release will be a stable system that may be used by other researchers,
+although it may be known as a ``beta'' or intermediate release.
+Any problems identified in the first release will be corrected
+in the second release.
+Ancillary network servers such as the printing and mailing systems
+will be converted to use the new authentication scheme for the second
+release.
+.LP
+4.  We will submit a technical report
+describing the work done under this proposal.

 .bp
 .bp

diff --git a/usr/src/admin/admin/DARPA/BAA.security/D.t b/usr/src/admin/admin/DARPA/BAA.security/D.t
index ad823f1..75bc262 100644 (file)
--- a/usr/src/admin/admin/DARPA/BAA.security/D.t
+++ b/usr/src/admin/admin/DARPA/BAA.security/D.t
@@ -1,21 +1,33 @@
-.\"     @(#)D.t        1.1     89/02/23
+.\"     @(#)D.t        1.2     89/02/24

 .LP
 \fB\s+4D. Milestones\fP\s-4
 .PP
 The security work described above has already been started informally,
 and will be conducted more thoroughly at the start of the period covered
 by this proposal.
 .LP
 \fB\s+4D. Milestones\fP\s-4
 .PP
 The security work described above has already been started informally,
 and will be conducted more thoroughly at the start of the period covered
 by this proposal.

-We will distribute the changes to the servers electronically
-as groups of servers are completed, with immediate distribution
+.IP "   \(bu
+When the Internet Host Requirements standard is finalized,
+the necessary changes will be implemented and incorporated into the system.
+The security audit will proceed in parallel.
+The Telnet, FTP, SMTP and name servers will be completed within three months
+of finalization of the standard.
+.IP "   \(bu
+The security audit of the login, remote login, remote process and printer 
+servers will commence at the beginning of the project.
+We will distribute the changes to both sets of servers electronically
+as they are completed, with immediate distribution

 of fixes for serious problems.
 of fixes for serious problems.

-As the Internet Host Requirements are finalized,
-they will be implemented and incorporated into the system.
+.IP "   \(bu
+Network- and transport-level changes must be made in the kernel protocol
+implementations.

 In particular, support for IP type-of-service options and routing needs
 to be added, and recent proposals for gateway monitoring should be implemented
 and tested.
 In particular, support for IP type-of-service options and routing needs
 to be added, and recent proposals for gateway monitoring should be implemented
 and tested.

+This work will be done in the third quarter.
+.IP "   \(bu

 We will also incorporate all secuirty and Host Requirement
 We will also incorporate all secuirty and Host Requirement

-changes into following releases.
-.PP
+changes into the following releases as described in section C.
+.IP "   \(bu

 Once an authentication mechanism has been identified,
 it will be integrated into the system and incorporated
 into the final release.
 Once an authentication mechanism has been identified,
 it will be integrated into the system and incorporated
 into the final release.

diff --git a/usr/src/admin/admin/DARPA/BAA.security/F.t b/usr/src/admin/admin/DARPA/BAA.security/F.t
index 348d18c..022bd73 100644 (file)
--- a/usr/src/admin/admin/DARPA/BAA.security/F.t
+++ b/usr/src/admin/admin/DARPA/BAA.security/F.t
@@ -1,4 +1,4 @@
-.\"     @(#)F.t        1.2     89/02/23
+.\"     @(#)F.t        1.3     89/02/24

 .LP
 \fB\s+4F. Statement of Work\fP\s-4
 .PP
 .LP
 \fB\s+4F. Statement of Work\fP\s-4
 .PP


@@ -12,6 +12,6 @@ utilities to check for and eliminate unintended system access mechanisms.
 Identification, evaluation, and incorporation of an authentication mechanism
 into the system.
 .IP \(bu
 Identification, evaluation, and incorporation of an authentication mechanism
 into the system.
 .IP \(bu

-Complete conformance with the Internet Host Requirements
+Complete conformance with the Internet Host Requirements RFC

 when that standard is released.
 .bp
 when that standard is released.
 .bp

diff --git a/usr/src/admin/admin/DARPA/BAA.security/V2B.t b/usr/src/admin/admin/DARPA/BAA.security/V2B.t
index 80ffe15..838e052 100644 (file)
--- a/usr/src/admin/admin/DARPA/BAA.security/V2B.t
+++ b/usr/src/admin/admin/DARPA/BAA.security/V2B.t
@@ -1,9 +1,10 @@
-.\"     @(#)V2B.t      1.1     89/02/23
+.\"     @(#)V2B.t      1.2     89/02/24
+.nr PS 10
+.nr VS 12

 .LP
 \fB\s+4B. Budget\fP\s-4
 .LP
 .LP
 \fB\s+4B. Budget\fP\s-4
 .LP

-.ce2
-SECURITY BUDGET
+.ce

 April 1, 1989 - March 31, 1990
 .sp2
 .TS
 April 1, 1989 - March 31, 1990
 .sp2
 .TS


@@ -25,17 +26,18 @@ C. EQUIPMENT
 
      1. 2 ea. DEC/Sun 8MB Workstations $ 19,390
      2. 3 ea. SMD Disk Drives  $ 33,000
 
      1. 2 ea. DEC/Sun 8MB Workstations $ 19,390
      2. 3 ea. SMD Disk Drives  $ 33,000

-     3. 3 Ethernet Interfaces  $ 9,000
+     3. 4 ea. Ethernet Interfaces      $ 12,000

      4. 4 ea. 9600 Baud Telebit Modems $ 6,400
      5. 3 ea. 4 Mb Upgrades for Sun Workstations       $ 9,000
      4. 4 ea. 9600 Baud Telebit Modems $ 6,400
      5. 3 ea. 4 Mb Upgrades for Sun Workstations       $ 9,000

-     6. 2 ea. 16 Mb Upgrades for Micro VAX     $ 16,000
-     7. 3 ea. SCSI Disks       $9,600
-     8. 4 ea. Interphase 4400 Disk Controllers $ 20,000
+     6. 3 ea. 16 Mb Upgrades for VAX   $ 24,000
+     7. 1 ea. SCSI Disks       $3,200
+     8. 3 ea. Interphase 4400 Disk Controllers $ 15,000

      9. 4 ea. High-speed Network Interfaces    $ 30,000
      9. 4 ea. High-speed Network Interfaces    $ 30,000

-    10. 2 ea. X.25 Network Interfaces  $ 10,000
-    11. 2 Exabyte 8mm Tape Backup Systems      $ 15,000
+    10. 1 ea. X.25 Network Interfaces  $ 5,000
+    11. 2 ea. Exabyte 8mm Tape Backup Systems  $ 15,000
+    12. 1 ea. MicroVAX Gateway $ 15,000

 
 

-     TOTAL EQUIPMENT   $ 177,390
+     TOTAL EQUIPMENT   $ 186,990

 
 D. TRAVEL
 
 
 D. TRAVEL
 


@@ -52,9 +54,9 @@ E. SUPPLIES AND EXPENSES
 
      TOTAL SUPPLIES AND EXPENSES       $ 49,358
 
 
      TOTAL SUPPLIES AND EXPENSES       $ 49,358
 

-F. TOTAL DIRECT COSTS  $ 381,008
+F. TOTAL DIRECT COSTS  $ 390,690

 
 

-G. INDIRECT COSTS (47% of $203,618 Modified Total Direct Costs)        $ 95,700
+G. INDIRECT COSTS (48.5% of $203,619 Modified Total Direct Costs)      $ 98,755

 
 

-H.  TOTAL COST OF PROJECT      $ 476,708
+H.  TOTAL COST OF PROJECT      $ 489,364

 .TE
 .TE