http://kernsec.org/wiki/index.php?action=history&feed=atom&title=Linux_Security_Summit_2012%2FAbstracts%2FHanda Linux Security Summit 2012/Abstracts/Handa - Revision history 2026-04-20T17:29:05Z Revision history for this page on the wiki MediaWiki 1.36.1 http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2012/Abstracts/Handa&diff=3338&oldid=prev JamesMorris: /* Presenter */ 2012-06-27T14:03:25Z <p><span dir="auto"><span class="autocomment">Presenter</span></span></p> <table style="background-color: #fff; color: #202122;" data-mw="interface"> <col class="diff-marker" /> <col class="diff-content" /> <col class="diff-marker" /> <col class="diff-content" /> <tr class="diff-title" lang="en"> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">← Older revision</td> <td colspan="2" style="background-color: #fff; color: #202122; text-align: center;">Revision as of 14:03, 27 June 2012</td> </tr><tr><td colspan="2" class="diff-lineno" id="mw-diff-left-l5">Line 5:</td> <td colspan="2" class="diff-lineno">Line 5:</td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Presenter ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Presenter ==</div></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr> <tr><td class="diff-marker" data-marker="−"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #ffe49c; vertical-align: top; white-space: pre-wrap;"><div>Tetsuo Handa, NTT <del style="font-weight: bold; text-decoration: none;">Data Intellilink</del></div></td><td class="diff-marker" data-marker="+"></td><td style="color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #a3d3ff; vertical-align: top; white-space: pre-wrap;"><div>Tetsuo Handa, NTT</div></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><br/></td></tr> <tr><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Abstract ==</div></td><td class="diff-marker"></td><td style="background-color: #f8f9fa; color: #202122; font-size: 88%; border-style: solid; border-width: 1px 1px 1px 4px; border-radius: 0.33em; border-color: #eaecf0; vertical-align: top; white-space: pre-wrap;"><div>== Abstract ==</div></td></tr> </table> JamesMorris http://kernsec.org/wiki/index.php?title=Linux_Security_Summit_2012/Abstracts/Handa&diff=3306&oldid=prev JamesMorris: New page: == Title == CaitSith - A New Type of Rule Based In-kernel Access Control == Presenter == Tetsuo Handa, NTT Data Intellilink == Abstract == There had been various attempts for enforcin... 2012-06-27T04:22:56Z <p>New page: == Title == CaitSith - A New Type of Rule Based In-kernel Access Control == Presenter == Tetsuo Handa, NTT Data Intellilink == Abstract == There had been various attempts for enforcin...</p> <p><b>New page</b></p><div>== Title ==<br /> <br /> CaitSith - A New Type of Rule Based In-kernel Access Control<br /> <br /> == Presenter ==<br /> <br /> Tetsuo Handa, NTT Data Intellilink<br /> <br /> == Abstract ==<br /> <br /> There had been various attempts for enforcing rule based access control in the<br /> Linux kernel. Many distributions nowadays enable some of in-tree LSM modules.<br /> However, many people are still disabling these modules because these modules<br /> are too complicated for them to use. Although white-listing approach is popular<br /> among security experts than black-listing approach, black-listing approach<br /> seems to be popular among those who are not security experts. In this<br /> presentation, CaitSith, a new type of rule based access control that mixed<br /> capability model and ACL model, is proposed. The rules in CaitSith are similar<br /> to network firewall and allow black-listing approach.<br /> <br /> Expected audiences are Linux users who are disabling in-tree LSM modules, are<br /> seeking for more simplified form of in-kernel access control, or are developing<br /> LSM modules. Audiences will know why CaitSith was developed and basic usage of<br /> CaitSith.<br /> <br /> <br /> Tetsuo Handa is the main author of TOMOYO (one of in-tree LSM modules), AKARI<br /> (loadable kernel module version of TOMOYO) and CaitSith. He had been involved<br /> in the area of in-kernel access control from April 2003 to March 2012 at NTT<br /> DATA CORPORATION, Japan. He had talks/BoFs at several Linux related<br /> international conferences and PacSec 2008.</div> JamesMorris