Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: Capsicum: practical capabilities for UNIX (fwd)

From: Hugo Silva (hugobarafranca.com)
Date: Fri Aug 13 2010 - 04:01:53 CDT

Robert Watson wrote:
> For those following security and access control in FreeBSD, this may be
> of interest. We'll have updated patches for Capsicum available for
> FreeBSD 8.1 in the next week or so. Feedback on the approach would be
> most welcome!
> Robert N M Watson
> Computer Laboratory
> University of Cambridge

Very nice. I am looking forward to play with this ;-)

> ---------- Forwarded message ----------
> Date: Thu, 12 Aug 2010 03:00:03 -0000
> From: Light Blue Touchpaper <notify+lbt-admincl.cam.ac.uk>
> Reply-To: cl-security-researchlists.cam.ac.uk
> To: cl-security-researchlists.cam.ac.uk
> Subject: Capsicum: practical capabilities for UNIX
> URL:
> http://www.lightbluetouchpaper.org/2010/08/12/capsicum-practical-capabilities-for-unix/
> by Robert N. M. Watson
> Today, Jonathan Anderson, Ben Laurie, Kris Kennaway, and I presented
> [Capsicum:
> practical capabilities for UNIX][1] at the [19th USENIX Security
> Symposium][2]
> in Washington, DC; the [slides][3] can be found on the [Capsicum web
> site][4].
> We argue that capability design principles fill a gap left by discretionary
> access control (DAC) and mandatory access control (MAC) in operating
> systems
> when supporting security-critical and security-aware applications.
> Capsicum responds to the trend of application compartmentalisation
> (sometimes
> called privilege separation) by providing strong and well-defined isolation
> primitives, and by facilitating rights delegation driven by the
> application (and
> eventually, user). These facilities prove invaluable, not just for
> traditional
> security-critical programs such as tcpdump and OpenSSH, but also complex
> security-aware applications that map distributed security policies into
> local
> primitives, such as Google's Chromium web browser, which implement the
> same-
> origin policy when sandboxing JavaScript execution.
> Capsicum extends POSIX with a new _capability mode_ for processes, and
> _capability_ file descriptor type, as well as supporting primitives such as
> _process descriptors_. Capability mode denies access to global operating
> system
> namespaces, such as the file system and IPC namespaces: only delegated
> rights
> (typically via file descriptors or more refined capabilities) are
> available to
> sandboxes. We prototyped Capsicum on FreeBSD 9.x, and have extended a
> variety of
> applications, including Google's Chromium web browser, to use Capsicum for
> sandboxing. Our paper discusses design trade-offs, both in Capsicum and in
> applications, as well as a performance analysis. Capsicum is available
> under a
> BSD license.
> Capsicum is collaborative research between the University of Cambridge and
> Google, and has been sponsored by Google, and will be a foundation for
> future
> work on application security, sandboxing, and usability security at
> Cambridge
> and Google. Capsicum has also been backported to FreeBSD 8.x, and Heradon
> Douglas at Google has an in-progress port to Linux.
> We're also pleased to report the Capsicum paper won Best Student Paper
> award at
> the conference!
> [1]:
> http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-
> security-capsicum-website.pdf
> [2]: http://www.usenix.org/events/sec10/
> [3]: http://www.cl.cam.ac.uk/research/security/capsicum/slides/20100811
> -usenix-capsicum.pdf
> [4]: http://www.cl.cam.ac.uk/research/security/capsicum/
> _______________________________________________
> freebsd-securityfreebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
freebsd-securityfreebsd.org mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"