From owner-freebsd-hackers@FreeBSD.ORG Thu Apr 16 15:32:50 2015
From: Ed Schouten
To: hackers@freebsd.org
Date: Thu, 16 Apr 2015 17:32:47 +0200
Subject: CloudABI: Taking capability-based security to the next level?

Hello fellow FreeBSD hackers,

If you are planning on attending BSDCan this year, you may have noticed that I am going to give a talk on something mysterious called CloudABI[1]. I thought it would make sense to also announce its availability here before the conference.

Before you read the announcement below, I would like to invite you to read a manifesto on capability-based security that I wrote. This document tries to explain the necessity for a system like CloudABI.

https://docs.google.com/a/nuxi.nl/document/d/1tW_4CDRuy7HZSkUd6AcDccga_efuIx6ZoyNV9ZLXbJ8/edit

# What is CloudABI?

CloudABI is an alternative POSIX-like runtime environment that is purely based on the principles behind Capsicum. It can be used to design complex applications that behave correctly in an environment that enforces capability-based security. CloudABI executables can be executed in such a way that they expose as little as possible about the host operating system, making it perfectly suitable as a building block for a safe and secure cluster/cloud computing setup. It could also be used to add support for untrusted plugins and extensions to existing applications (like Google's Native Client, but not tied to a browser).

Compared to FreeBSD's binary interface, CloudABI is extremely compact (~60 system calls). The idea behind this is that adding support for CloudABI to existing operating systems should not be hard. An implementation for FreeBSD exists and support for Linux is planned. The intent is that binaries can be executed on multiple operating systems without requiring any recompilation.

Support for CloudABI has already been upstreamed to LLVM/Clang and Binutils. It is therefore very easy to build and install a cross compiler for CloudABI. Cross compilation has already been tested to work on Linux, FreeBSD and Mac OS X.

CloudABI ships with a C library called cloudlibc. This C library has been designed in such a way that it works reliably in a sandboxed environment. Features that are known to break when using Capsicum on FreeBSD (timezones, locales) still work properly with cloudlibc. cloudlibc has high testing coverage. This high testing coverage will also play a crucial role in ensuring that operating systems implement support for CloudABI consistently.

All of CloudABI is and will remain MIT/BSD licensed. The code can be found on GitHub:

cloudlibc: https://github.com/NuxiNL/cloudlibc
FreeBSD kernel modifications: https://github.com/NuxiNL/freebsd

CloudABI has been developed by Nuxi, a company that I founded last year. Nuxi plans on offering commercial support on CloudABI and its components. Interested in hearing how CloudABI can make your product more secure? Please get in touch at info@nuxi.nl to see if there's anything we can do to help out!

# Where to go from here?

My goal is to present CloudABI at BSDCan and discuss all the fine details with anyone who is interested. Does the idea behind CloudABI sound appealing to you? Can you think of killer use cases? Be sure to talk to me at the conference. If you won't be attending BSDCan this year: no problem! Emails are also appreciated.

In my opinion it would make sense to have support for CloudABI integrated into FreeBSD by the time the kernel module becomes more mature. Expect to see more discussions on the mailing lists by the time that happens.

In the meantime, be sure to give CloudABI a try and let us know what you think. Instructions on how to obtain a toolchain and patch up your FreeBSD kernel are provided on cloudlibc's GitHub page. We'd love to hear your opinion!

Thanks,
--
Ed Schouten

[1] CloudABI at BSDCan: http://www.bsdcan.org/2015/schedule/events/524.en.html
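As an added example that is not part of Ed's announcement and not code from cloudlibc or the NuxiNL repositories: a small C program showing the Capsicum programming model the announcement says CloudABI is built on. The pattern is to acquire the resources you need up front (here, one directory descriptor), enter capability mode, and from then on name files only relative to that descriptor, never through the global namespace. `cap_enter()`, `cap_rights_init()` and `cap_rights_limit()` are the real FreeBSD Capsicum APIs and are compiled only on FreeBSD; the `path_stays_beneath()`, `open_beneath()`, `make_sandbox_dir()` and `enter_sandbox()` helpers, the temporary directory and the sample file are constructed for this example. On a host without Capsicum the kernel enforces nothing, so the userland path check stands in for the kernel's rule and the program reports that no sandbox is active.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef __FreeBSD__
#include <sys/capsicum.h>
#endif

/* Constructed sample content written into the sandbox directory. */
static const char SAMPLE[] = "constructed sample config\n";

/* Reject paths that could leave the directory the descriptor names:
 * absolute paths and any ".." component. A Capsicum kernel refuses such
 * lookups itself in capability mode; on a non-Capsicum host this userland
 * check stands in for that rule, and is weaker, because a symlink inside
 * the directory could still point outside it. */
int path_stays_beneath(const char *path)
{
    if (path[0] == '\0' || path[0] == '/')
        return 0;
    for (const char *p = path; *p != '\0'; ) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        while (*p == '/')
            p++;
    }
    return 1;
}

/* Open a file read-only relative to a directory capability. Returns the
 * descriptor, or -1 with errno set (EACCES for a rejected path). */
int open_beneath(int dirfd, const char *path)
{
    if (!path_stays_beneath(path)) {
        errno = EACCES;
        return -1;
    }
    return openat(dirfd, path, O_RDONLY | O_NOFOLLOW);
}

/* Create a throwaway directory holding one file and return a descriptor
 * for it: the only file-system capability the sandboxed code will hold. */
int make_sandbox_dir(void)
{
    char tmpl[] = "/tmp/capdemo-XXXXXX";   /* constructed location */
    if (mkdtemp(tmpl) == NULL)
        return -1;
    int dirfd = open(tmpl, O_RDONLY);
    if (dirfd < 0)
        return -1;
    int fd = openat(dirfd, "config.txt", O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) {
        close(dirfd);
        return -1;
    }
    ssize_t n = write(fd, SAMPLE, sizeof(SAMPLE) - 1);
    close(fd);
    if (n != (ssize_t)(sizeof(SAMPLE) - 1)) {
        close(dirfd);
        return -1;
    }
    return dirfd;
}

/* Give up the global namespace. On FreeBSD this first narrows the directory
 * capability to read-only lookups and then calls cap_enter(2); elsewhere it
 * returns 1 to report that no kernel-enforced sandbox exists on this host. */
int enter_sandbox(int dirfd)
{
#ifdef __FreeBSD__
    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ, CAP_LOOKUP, CAP_FSTAT);
    if (cap_rights_limit(dirfd, &rights) < 0)
        return -1;
    return cap_enter();
#else
    (void)dirfd;
    return 1;
#endif
}

int main(void)
{
    int dirfd = make_sandbox_dir();
    if (dirfd < 0) { perror("make_sandbox_dir"); return 1; }
    int sandboxed = enter_sandbox(dirfd);
    printf("kernel sandbox: %s\n", sandboxed == 0 ? "yes (Capsicum)" : "no");

    /* Constructed attempts: one legitimate, three that must be refused. */
    const char *tries[] = { "config.txt", "/etc/passwd",
                            "../../etc/passwd", "sub/../config.txt" };
    for (size_t i = 0; i < sizeof(tries) / sizeof(tries[0]); i++) {
        int fd = open_beneath(dirfd, tries[i]);
        if (fd < 0) {
            printf("%-20s rejected: %s\n", tries[i], strerror(errno));
            continue;
        }
        char buf[64];
        ssize_t n = read(fd, buf, sizeof(buf) - 1);
        buf[n > 0 ? n : 0] = '\0';
        printf("%-20s ok: %s", tries[i], buf);
        close(fd);
    }
    return 0;
}
```

Build with `cc capdemo.c -o capdemo` and run it. On FreeBSD, once `cap_enter()` has succeeded the kernel also rejects a plain `open("/etc/passwd")` with ECAPMODE regardless of the userland check, which is the property CloudABI relies on; on Linux or Mac OS X only the userland check applies, so the program prints that no kernel sandbox is active.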