POSSE project

From Wikipedia, the free encyclopedia
Jump to: navigation, search

The Portable Open Source Security Elements, or POSSE project, was a co-operative venture between the University of Pennsylvania Distributed Systems Laboratory, the OpenBSD project and others. It received funding through a grant from the United States Defense Advanced Research Projects Agency, or DARPA. The project's goal was to increase the security of some open source projects, including Apache and OpenSSL. The project ran from 2001 until April 2003, when the grant from DARPA was prematurely terminated.

This was a security initiative directed by the University of Pennsylvania Distributed Systems Laboratory and paid for through the Composable High Assurance Trusted Systems programme. POSSE was a US$2,125,000 grant designed "to introduce advanced security features used in special-purpose government computers into standard office PCs." The United States government hoped to benefit from the availability of better security features in affordable, standardized computers and software. OpenBSD was selected as "the computing world’s most secure forum for the development of open-source software" and approximately $1,000,000 was allotted to its development. In addition, by applying the security auditing concepts used in OpenBSD to other projects like OpenSSL, POSSE helped to increase the overall security of free and open source software.

In April 2003, speaking in an interview to a Canadian newspaper, the Globe and Mail, the founder and leader of the OpenBSD and OpenSSH projects, Theo de Raadt remarked on the occupation of Iraq: "I try to convince myself that our grant means a half of a cruise missile doesn't get built." Jonathan Smith, the head of the POSSE project, stated that US military officials had expressed discomfort with this comment. DARPA's funding for the project was subsequently terminated. It was theorised that the US government disapproved of these comments and that they led to the decision to cancel the grant [1]. The government, however, explained it as being "due to world events and the evolving threat posed by increasingly capable nation-states." This may be related to the fact that many of the beneficiaries of the grant were developers in foreign nations, such as the United Kingdom.

Colleagues in the POSSE project included Jonathan M. Smith of the University of Pennsylvania; Theo de Raadt, project founder and leader of OpenBSD; Michael B. Greenwald, assistant professor of Computer and Information Science at the University of Pennsylvania; Sotiris Ioannidis and Stefan Miltchev, graduate students at the Distributed Systems Lab of the Computer and Information Science department at the University of Pennsylvania; Ben Laurie, a former mathematician at Cambridge University and technical director of AL Digital Ltd, a director of the Apache Software Foundation and core team member of the OpenSSL Group; and Angelos Keromytis, at the time an assistant professor of computer science at Columbia University and an OpenBSD core developer.

External links[edit]