From drysdale@google.com Tue Jun 10 00:57:17 2014
Date: Wed, 4 Jun 2014 09:20:38 +0100
From: David Drysdale
To: lss-pc@ext.namei.org
Cc: Kees Cook
Subject: [lss-pc] LSS discussion topic suggestion: Capsicum on Linux

Hi,

I'm coming to the Linux Security Summit in August, and Kees suggested that a discussion topic about the project I'm working on -- Capsicum on Linux -- might be of interest. In case it is, I've attached a short proposal abstract below.

Regards,
David Drysdale

---------

Capsicum is a lightweight security framework, blending concepts from object-capability security with POSIX operating system semantics. In particular, Capsicum allows the operations that can be performed on individual file descriptors to be restricted to those specified by a set of fine-grained rights. Capsicum also implements capability mode, which restricts a process from using system calls that access global namespaces (such as the directory hierarchy or IP:port space), and so prevents access to any new resources. The combination of these features allows security-aware applications to sandbox themselves in a precise manner, without relying on external policy.

Capsicum was originally created at the University of Cambridge Computing Laboratory [1] and implemented in FreeBSD 9.0. Google is currently implementing equivalent functionality for the Linux kernel.

This discussion topic covers the core concepts of Capsicum, together with the specific issues arising from the Linux kernel implementation.

[1] http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf

_______________________________________________
lss-pc mailing list
lss-pc@ext.namei.org
https://ext.namei.org/mailman/listinfo/lss-pc
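As an added illustration of the two mechanisms the abstract describes (per-descriptor rights and capability mode), here is a small C program written against FreeBSD's Capsicum API; it is not code from the e-mail or from the Linux port, and on systems without sys/capsicum.h the Capsicum calls are compiled out and reported as unsupported.

```c
/* Added example, not from the e-mail or the Linux port: a process sandboxing itself
 * with FreeBSD's Capsicum API; without sys/capsicum.h the calls are compiled out. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#define HAVE_CAPSICUM 1
#else
#define HAVE_CAPSICUM 0
#endif
enum sandbox_result { SANDBOX_OK = 0, SANDBOX_UNSUPPORTED = 1, SANDBOX_ERROR = -1 };
/* Step 1: shrink an already-open descriptor to a whitelist of rights. Step 2: enter
 * capability mode, closing every global namespace (paths, IP:port) for good. */
static enum sandbox_result sandbox_self(int fd)
{
#if HAVE_CAPSICUM
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ, CAP_FSTAT);
    if (cap_rights_limit(fd, &rights) < 0 || cap_enter() < 0)
        return SANDBOX_ERROR;      /* cap_enter: ENOSYS if the kernel lacks Capsicum */
    return SANDBOX_OK;
#else
    (void)fd; return SANDBOX_UNSUPPORTED;
#endif
}
/* After sandboxing, open(2) of any path must fail with ECAPMODE and write(2) on the
 * read-limited descriptor with ENOTCAPABLE. Returns 1 only when both hold. */
static int sandbox_enforced(int fd, const char *new_path)
{
#if HAVE_CAPSICUM
    int nfd = open(new_path, O_RDONLY);
    if (nfd >= 0) { close(nfd); return 0; }     /* namespace still reachable */
    return errno == ECAPMODE && write(fd, "x", 1) < 0 && errno == ENOTCAPABLE;
#else
    (void)fd; (void)new_path; return 0;         /* nothing to enforce without Capsicum */
#endif
}
int main(void)
{
    char path[] = "/tmp/capsicum-demo-XXXXXX";  /* constructed scratch file */
    int fd = mkstemp(path);                     /* cannot be unlinked after cap_enter() */
    if (fd < 0) return 1;
    enum sandbox_result r = sandbox_self(fd);   /* must precede the enforcement check */
    printf("sandbox=%d enforced=%d\n", (int)r, sandbox_enforced(fd, "/etc/passwd"));
    return 0;
}
```

On FreeBSD the program prints `sandbox=0 enforced=1`; elsewhere it prints `sandbox=1 enforced=0`, showing that the sandbox is only as real as the kernel support behind it.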