Date: Fri, 13 Aug 2010 10:01:53 +0100
From: Hugo Silva <hugo@barafranca.com>
To: Robert Watson <rwatson@FreeBSD.org>
Cc: freebsd-security@FreeBSD.org
Subject: Re: Capsicum: practical capabilities for UNIX (fwd)
Message-ID: <4C650A01.5070002@barafranca.com>
In-Reply-To: <alpine.BSF.2.00.1008130533540.76639@fledge.watson.org>
References: <alpine.BSF.2.00.1008130533540.76639@fledge.watson.org>
Robert Watson wrote:
> For those following security and access control in FreeBSD, this may be
> of interest. We'll have updated patches for Capsicum available for
> FreeBSD 8.1 in the next week or so. Feedback on the approach would be
> most welcome!
>
> Robert N M Watson
> Computer Laboratory
> University of Cambridge

Very nice. I am looking forward to playing with this ;-)

> ---------- Forwarded message ----------
> Date: Thu, 12 Aug 2010 03:00:03 -0000
> From: Light Blue Touchpaper <notify+lbt-admin@cl.cam.ac.uk>
> Reply-To: cl-security-research@lists.cam.ac.uk
> To: cl-security-research@lists.cam.ac.uk
> Subject: Capsicum: practical capabilities for UNIX
>
> URL: http://www.lightbluetouchpaper.org/2010/08/12/capsicum-practical-capabilities-for-unix/
>
> by Robert N. M. Watson
>
> Today, Jonathan Anderson, Ben Laurie, Kris Kennaway, and I presented
> [Capsicum: practical capabilities for UNIX][1] at the [19th USENIX Security
> Symposium][2] in Washington, DC; the [slides][3] can be found on the
> [Capsicum web site][4]. We argue that capability design principles fill a
> gap left by discretionary access control (DAC) and mandatory access control
> (MAC) in operating systems when supporting security-critical and
> security-aware applications.
>
> Capsicum responds to the trend of application compartmentalisation
> (sometimes called privilege separation) by providing strong and
> well-defined isolation primitives, and by facilitating rights delegation
> driven by the application (and eventually, user). These facilities prove
> invaluable, not just for traditional security-critical programs such as
> tcpdump and OpenSSH, but also complex security-aware applications that map
> distributed security policies into local primitives, such as Google's
> Chromium web browser, which implements the same-origin policy when
> sandboxing JavaScript execution.
>
> Capsicum extends POSIX with a new _capability mode_ for processes, and a
> _capability_ file descriptor type, as well as supporting primitives such as
> _process descriptors_. Capability mode denies access to global operating
> system namespaces, such as the file system and IPC namespaces: only
> delegated rights (typically via file descriptors or more refined
> capabilities) are available to sandboxes. We prototyped Capsicum on
> FreeBSD 9.x, and have extended a variety of applications, including
> Google's Chromium web browser, to use Capsicum for sandboxing. Our paper
> discusses design trade-offs, both in Capsicum and in applications, as well
> as a performance analysis. Capsicum is available under a BSD license.
>
> Capsicum is collaborative research between the University of Cambridge and
> Google, and has been sponsored by Google, and will be a foundation for
> future work on application security, sandboxing, and usability security at
> Cambridge and Google. Capsicum has also been backported to FreeBSD 8.x,
> and Heradon Douglas at Google has an in-progress port to Linux.
>
> We're also pleased to report the Capsicum paper won Best Student Paper
> award at the conference!
>
> [1]: http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf
>
> [2]: http://www.usenix.org/events/sec10/
>
> [3]: http://www.cl.cam.ac.uk/research/security/capsicum/slides/20100811-usenix-capsicum.pdf
>
> [4]: http://www.cl.cam.ac.uk/research/security/capsicum/