Networking
Dealing with Public Ethernet Jacks - Switches, Gateways, and Authentication
"This paper describes the tools and techniques developed and deployed
to address the problem of blocking unauthorized users on unprotected Ethernet jacks."
Paper [PostScript] Slides [PostScript]
Transparent Network Security Policy Enforcement
"This paper describes the architecture and implementation of a Layer-2 (link layer) bridge with extensions for offering Layer-3 security services. We extend the OpenBSD ethernet bridge to perform simple IP packet filtering and IPsec processing for incoming and outgoing packets on behalf of a protected node, completely transparent to both the protected and the remote communication endpoint."
Paper [PostScript] Slides [PostScript]
Implementing Internet Key Exchange (IKE)
"This paper describes the design, architecture, and implementation details of the OpenBSD IKE daemon, with separate mention of security policy mechanism."
Paper [PostScript] Slides [PostScript]
System
The Design of the OpenBSD Cryptographic Framework
"We present the OpenBSD Cryptographic Framework (OCF), a service virtualization layer implemented inside the kernel, that provides uniform access to accelerator functionality by hiding card-specific details behind a carefully-designed API. We evaluate the impact of the OCF in a variety of benchmarks, measuring overall system performance, and application throughput when multiple applications make use of it."
Paper [PDF]
Cryptography in OpenBSD: An Overview
"This paper gives an overview of the cryptography employed in OpenBSD. We discuss the various components (IPsec, SSL libraries, stronger password encryption, Kerberos IV, random number generators, etc.), their role in system security, and their interactions with the rest of the system (and, where applicable, the network)."
Paper [PostScript] Slides [PostScript]
strlcpy and strlcat --- consistent, safe, string copy and concatenation
"As the prevalence of buffer overflow attacks has increased, more and more programmers are using size or length-bounded string functions such as strncpy() and strncat(). While this is certainly an encouraging trend, the standard C string functions generally used were not really designed for the task. This paper describes an alternate, intuitive, and consistent API designed with safe string copies in mind."
Paper [PostScript] Slides [PostScript]
Encrypting Virtual Memory
"In modern operating systems, cryptographic file systems can protect confidential data from unauthorized access. However, once an authorized process has accessed data from a cryptographic file system, the data can appear as plaintext in the unprotected virtual memory backing store, even after system shutdown. The solution described in this paper uses swap encryption for processes in possession of confidential data."
Paper [PostScript] Slides [PostScript]