POSSE project
Encyclopedia
The Portable Open Source Security Elements, or POSSE project, was a co-operative venture between the University of Pennsylvania
Distributed Systems Laboratory, the OpenBSD
project and others. It received funding through a grant from the United States
Defense Advanced Research Projects Agency
, or DARPA. The project's goal was to increase the security of some open source
projects, including Apache
and OpenSSL
. The project ran from 2001 until April 2003, when the grant from DARPA was prematurely terminated.
This was a security initiative directed by the University of Pennsylvania Distributed Systems Laboratory and paid for through the Composable High Assurance Trusted Systems programme. POSSE was a US$
2,125,000 grant designed "to introduce advanced security features used in special-purpose government computers into standard office PCs." The United States government hoped to benefit from the availability of better security features in affordable, standardized computers and software. OpenBSD was selected as "the computing world’s most secure forum for the development of open-source software" and approximately $1,000,000 was allotted to its development. In addition, by applying the security auditing concepts used in OpenBSD to other projects like OpenSSL, POSSE helped to increase the overall security of free and open source software.
In April 2003, speaking in an interview to a Canadian newspaper, the Globe and Mail, the founder and leader of the OpenBSD and OpenSSH
projects, Theo de Raadt
remarked on the occupation of Iraq: "I try to convince myself that our grant means a half of a cruise missile
doesn't get built." Jonathan Smith, the head of the POSSE project, stated that US military officials had expressed discomfort with this comment. DARPA's funding for the project was subsequently terminated. It was theorised that the US government disapproved of these comments and that they led to the decision to cancel the granthttp://lwn.net/Articles/29937/. The government, however, explained it as being "due to world events and the evolving threat posed by increasingly capable nation-states." This may be related to the fact that many of the beneficiaries of the grant were developers in foreign nations, such as the United Kingdom
.
Colleagues in the POSSE project included Jonathan M. Smith of the University of Pennsylvania; Theo de Raadt, project founder and leader of OpenBSD
; Michael B. Greenwald, assistant professor of Computer and Information Science at the University of Pennsylvania; Sotiris Ioannidis and Stefan Miltchev, graduate students at the Distributed Systems Lab of the Computer and Information Science department at the University of Pennsylvania; Ben Laurie
, a former mathematician at Cambridge University
and technical director of AL Digital Ltd, a director of the Apache Software Foundation
and core team member of the OpenSSL
Group; and Angelos Keromytis, at the time an assistant professor of computer science at Columbia University
and an OpenBSD core developer.
University of Pennsylvania
The University of Pennsylvania is a private, Ivy League university located in Philadelphia, Pennsylvania, United States. Penn is the fourth-oldest institution of higher education in the United States,Penn is the fourth-oldest using the founding dates claimed by each institution...
Distributed Systems Laboratory, the OpenBSD
OpenBSD
OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...
project and others. It received funding through a grant from the United States
United States
The United States of America is a federal constitutional republic comprising fifty states and a federal district...
Defense Advanced Research Projects Agency
Defense Advanced Research Projects Agency
The Defense Advanced Research Projects Agency is an agency of the United States Department of Defense responsible for the development of new technology for use by the military...
, or DARPA. The project's goal was to increase the security of some open source
Open source
The term open source describes practices in production and development that promote access to the end product's source materials. Some consider open source a philosophy, others consider it a pragmatic methodology...
projects, including Apache
Apache HTTP Server
The Apache HTTP Server, commonly referred to as Apache , is web server software notable for playing a key role in the initial growth of the World Wide Web. In 2009 it became the first web server software to surpass the 100 million website milestone...
and OpenSSL
OpenSSL
OpenSSL is an open source implementation of the SSL and TLS protocols. The core library implements the basic cryptographic functions and provides various utility functions...
. The project ran from 2001 until April 2003, when the grant from DARPA was prematurely terminated.
This was a security initiative directed by the University of Pennsylvania Distributed Systems Laboratory and paid for through the Composable High Assurance Trusted Systems programme. POSSE was a US$
United States dollar
The United States dollar , also referred to as the American dollar, is the official currency of the United States of America. It is divided into 100 smaller units called cents or pennies....
2,125,000 grant designed "to introduce advanced security features used in special-purpose government computers into standard office PCs." The United States government hoped to benefit from the availability of better security features in affordable, standardized computers and software. OpenBSD was selected as "the computing world’s most secure forum for the development of open-source software" and approximately $1,000,000 was allotted to its development. In addition, by applying the security auditing concepts used in OpenBSD to other projects like OpenSSL, POSSE helped to increase the overall security of free and open source software.
In April 2003, speaking in an interview to a Canadian newspaper, the Globe and Mail, the founder and leader of the OpenBSD and OpenSSH
OpenSSH
OpenSSH is a set of computer programs providing encrypted communication sessions over a computer network using the SSH protocol...
projects, Theo de Raadt
Theo de Raadt
Theo de Raadt , born May 19, 1968 in Pretoria, South Africa, is a software engineer who lives in Calgary, Alberta, Canada. He is the founder and leader of the OpenBSD and OpenSSH projects, and was a founding member of the NetBSD project.- Childhood :...
remarked on the occupation of Iraq: "I try to convince myself that our grant means a half of a cruise missile
Cruise missile
A cruise missile is a guided missile that carries an explosive payload and is propelled, usually by a jet engine, towards a land-based or sea-based target. Cruise missiles are designed to deliver a large warhead over long distances with high accuracy...
doesn't get built." Jonathan Smith, the head of the POSSE project, stated that US military officials had expressed discomfort with this comment. DARPA's funding for the project was subsequently terminated. It was theorised that the US government disapproved of these comments and that they led to the decision to cancel the granthttp://lwn.net/Articles/29937/. The government, however, explained it as being "due to world events and the evolving threat posed by increasingly capable nation-states." This may be related to the fact that many of the beneficiaries of the grant were developers in foreign nations, such as the United Kingdom
United Kingdom
The United Kingdom of Great Britain and Northern IrelandIn the United Kingdom and Dependencies, other languages have been officially recognised as legitimate autochthonous languages under the European Charter for Regional or Minority Languages...
.
Colleagues in the POSSE project included Jonathan M. Smith of the University of Pennsylvania; Theo de Raadt, project founder and leader of OpenBSD
OpenBSD
OpenBSD is a Unix-like computer operating system descended from Berkeley Software Distribution , a Unix derivative developed at the University of California, Berkeley. It was forked from NetBSD by project leader Theo de Raadt in late 1995...
; Michael B. Greenwald, assistant professor of Computer and Information Science at the University of Pennsylvania; Sotiris Ioannidis and Stefan Miltchev, graduate students at the Distributed Systems Lab of the Computer and Information Science department at the University of Pennsylvania; Ben Laurie
Ben Laurie
Ben Laurie is a software engineer, protocol designer and cryptographer. He is a founding director of The Apache Software Foundation, a core team member of OpenSSL, a member of the Shmoo Group, a director of the Open Rights Group, Director of Security at The Bunker Secure Hosting, Trustee and...
, a former mathematician at Cambridge University
University of Cambridge
The University of Cambridge is a public research university located in Cambridge, United Kingdom. It is the second-oldest university in both the United Kingdom and the English-speaking world , and the seventh-oldest globally...
and technical director of AL Digital Ltd, a director of the Apache Software Foundation
Apache Software Foundation
The Apache Software Foundation is a non-profit corporation to support Apache software projects, including the Apache HTTP Server. The ASF was formed from the Apache Group and incorporated in Delaware, U.S., in June 1999.The Apache Software Foundation is a decentralized community of developers...
and core team member of the OpenSSL
OpenSSL
OpenSSL is an open source implementation of the SSL and TLS protocols. The core library implements the basic cryptographic functions and provides various utility functions...
Group; and Angelos Keromytis, at the time an assistant professor of computer science at Columbia University
Columbia University
Columbia University in the City of New York is a private, Ivy League university in Manhattan, New York City. Columbia is the oldest institution of higher learning in the state of New York, the fifth oldest in the United States, and one of the country's nine Colonial Colleges founded before the...
and an OpenBSD core developer.