Date: Sat, 14 Aug 2010 20:19:48 +0100 (BST)
From: Robert Watson <robert.watson@cl.cam.ac.uk>
To: Hugo Silva <hugo@barafranca.com>
Cc: freebsd-security@FreeBSD.org
Subject: Re: Capsicum: practical capabilities for UNIX (fwd)
Message-ID: <alpine.BSF.2.00.1008142017360.17208@fledge.watson.org>
In-Reply-To: <4C650A01.5070002@barafranca.com>
References: <alpine.BSF.2.00.1008130533540.76639@fledge.watson.org> <4C650A01.5070002@barafranca.com>
On Fri, 13 Aug 2010, Hugo Silva wrote:

>> For those following security and access control in FreeBSD, this may be of
>> interest. We'll have updated patches for Capsicum available for FreeBSD
>> 8.1 in the next week or so. Feedback on the approach would be most
>> welcome!
>
> Very nice. I am looking forward to playing with this ;-)

Thanks! Right now our prototype is against a month or so old 9-CURRENT, with a
somewhat more recent 8.x snapshot. Several of us are on travel now but with any
luck we can do a set of patches against a vanilla 8.1 later in the month. The
merge plan for 9.x isn't determined yet; we have a number of issues that need to
be worked through, including a few missing features and more extensive test
suites.

For those that are interested in lending a hand as early adopters, we have a
Capsicum mailing list which can be subscribed to via our web page:

http://www.cl.cam.ac.uk/research/security/capsicum/

This work is increasingly ready to get attention from folks other than us!

Robert

>
>> ---------- Forwarded message ----------
>> Date: Thu, 12 Aug 2010 03:00:03 -0000
>> From: Light Blue Touchpaper <notify+lbt-admin@cl.cam.ac.uk>
>> Reply-To: cl-security-research@lists.cam.ac.uk
>> To: cl-security-research@lists.cam.ac.uk
>> Subject: Capsicum: practical capabilities for UNIX
>>
>> URL:
>> http://www.lightbluetouchpaper.org/2010/08/12/capsicum-practical-capabilities-for-unix/
>> by Robert N. M. Watson
>>
>> Today, Jonathan Anderson, Ben Laurie, Kris Kennaway, and I presented
>> [Capsicum: practical capabilities for UNIX][1] at the [19th USENIX Security
>> Symposium][2] in Washington, DC; the [slides][3] can be found on the
>> [Capsicum web site][4]. We argue that capability design principles fill a
>> gap left by discretionary access control (DAC) and mandatory access control
>> (MAC) in operating systems when supporting security-critical and
>> security-aware applications.
>>
>> Capsicum responds to the trend of application compartmentalisation
>> (sometimes called privilege separation) by providing strong and
>> well-defined isolation primitives, and by facilitating rights delegation
>> driven by the application (and eventually, user). These facilities prove
>> invaluable, not just for traditional security-critical programs such as
>> tcpdump and OpenSSH, but also complex security-aware applications that map
>> distributed security policies into local primitives, such as Google's
>> Chromium web browser, which implements the same-origin policy when
>> sandboxing JavaScript execution.
>>
>> Capsicum extends POSIX with a new _capability mode_ for processes, and
>> _capability_ file descriptor type, as well as supporting primitives such as
>> _process descriptors_. Capability mode denies access to global operating
>> system namespaces, such as the file system and IPC namespaces: only
>> delegated rights (typically via file descriptors or more refined
>> capabilities) are available to sandboxes. We prototyped Capsicum on FreeBSD
>> 9.x, and have extended a variety of applications, including Google's
>> Chromium web browser, to use Capsicum for sandboxing. Our paper discusses
>> design trade-offs, both in Capsicum and in applications, as well as a
>> performance analysis. Capsicum is available under a BSD license.
>>
>> Capsicum is collaborative research between the University of Cambridge and
>> Google, and has been sponsored by Google, and will be a foundation for
>> future work on application security, sandboxing, and usability security at
>> Cambridge and Google. Capsicum has also been backported to FreeBSD 8.x, and
>> Heradon Douglas at Google has an in-progress port to Linux.
>>
>> We're also pleased to report the Capsicum paper won Best Student Paper
>> award at the conference!
>>
>> [1]: http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf
>>
>> [2]: http://www.usenix.org/events/sec10/
>>
>> [3]: http://www.cl.cam.ac.uk/research/security/capsicum/slides/20100811-usenix-capsicum.pdf
>>
>> [4]: http://www.cl.cam.ac.uk/research/security/capsicum/
>>
>> _______________________________________________
>> freebsd-security@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-security
>> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
