We're sorry but this page doesn't work properly without JavaScript enabled. Please enable it to continue.
Feedback

CloudABI: Capability based security on Linux/Unix

Formale Metadaten

Titel
CloudABI: Capability based security on Linux/Unix
Serientitel
Teil
28
Anzahl der Teile
169
Autor
Lizenz
CC-Namensnennung - keine kommerzielle Nutzung - Weitergabe unter gleichen Bedingungen 3.0 Unported:
Sie dürfen das Werk bzw. den Inhalt zu jedem legalen und nicht-kommerziellen Zweck nutzen, verändern und in unveränderter oder veränderter Form vervielfältigen, verbreiten und öffentlich zugänglich machen, sofern Sie den Namen des Autors/Rechteinhabers in der von ihm festgelegten Weise nennen und das Werk bzw. diesen Inhalt auch in veränderter Form nur unter den Bedingungen dieser Lizenz weitergeben
Identifikatoren
Herausgeber
Erscheinungsjahr
Sprache

Inhaltliche Metadaten

Fachgebiet
Genre
Abstract
Alex Willmer - CloudABI: Capability based security on Linux/Unix Take POSIX, add capability-based security, then remove anything that conflicts. The result is CloudABI, available for BSD, Linux, OSX et al. A CloudABI process is incapable of any action that has a global impact It can only affect the file descriptors you provide. As a result even unknown binaries can safely be executed - without the need for containers, virtual machines, or other sandboxes. This talk will introduce CloudABI, how to use it with Python, the benefits, and the trade-offs. ----- [CloudABI] is a new POSIX based computing environment that brings [capability-based security] to BSD, Linux, OSX et al. Unlike traditional Unix, if a CloudABI process goes rogue it _cannot_ execute random binaries, or read arbitrary files. This is achieved by removing `open()` & any other API able to acquire global resources. Instead a CloudABI process must be granted _capabilities_ to specific resources (e.g. directories, files, sockets) in the form of file descriptors. If a process only has a descriptor for `/var/www` then it's _incapable_ of affecting any file or folder outside that directory. This talk will - Review the security & reusability problems of Linux & Unix processes - Introduce capability-based security - Summarize the design of CloudABI - its benefits & trade-offs - Demonstrate how to write Python software for CloudABI & run it - Point out the pitfalls & gotchas to be aware of - Discuss the current & future status of CloudABI CloudABI began life on FreeBSD. It also runs DragonFly BSD, NetBSD, PC-BSD, Arch Linux, Debian, Ubuntu, & OS X. The API & ABI are kernel agnostic - a CloudABI binary can run on any supported kernel. The design is evolved from [Capsicum], a library that allows processes to drop access to undesired syscalls at runtime. CloudABI applies this at build time to make testing & lock- down easier.