The OpenCM manual is available online here. A printable form will appear here shortly.
Three papers have been published on OpenCM:
Jonathan S. Shapiro and John Vanderburgh, ``CPCMS: A Configuration Management System Based on Cryptographic Names,'' Proc. 2002 USENIX Annual Technical Conference, FreeNIX Track, Monterey, CA, 2002
This paper gives a general overview of OpenCM. Regrettably the camera ready had to go in before we selected a final name. This paper won the ``best paper'' award for the 2002 FreeNIX track.
Jonathan S. Shapiro and John Vanderburgh. ``Access and Integrity Control in a Public-Access, High-Assurance Configuration Management System,'' Proc. 11th USENIX Security Symposium, 2002, San Francisco, CA, 2002.
This paper describes how access and integrity management is handled in OpenCM. It will be given at the August USENIX Security conference.
Jonathan S. Shapiro, John Vanderburgh, and Jack Lloyd ``OpenCM: Early Experiences and Lessons Learned,'' Proc. 2003 USENIX Annual Technical Conference, FreeNIX Track
This paper gives a sense of what we think we got wrong in the original OpenCM design, and what has emerged as a result.
A word of caution: as we pushed for the release, several schema changes were made for performance and manageability reasons. The substance of the first two papers is accurate, but details of the implementation have changed since the camera-ready copy was frozen.
As relevant third-party documents come to our attention, we will be adding them here.
Lynzi Ziegenhagen. Evaluating Configuration Management Tools for High Assurance Software Development Projects, Master's Thesis, Naval Postgraduate School, Monterey, California, June 2003.
The Center for Information Systems Security Studies and Research is on the path to creating an EAL7 operating system that will be made available as an open exemplar. As part of this process, Ms. Ziegenhagen did a comparative evaluation of several configuration management tools for this purpose. OpenCM is one of the tools evaluated, and OpenCM emerges favorably. Comments on some details of the thesis can be found here.
Back to the overview.