Linux Security Summit 2014/Abstracts/Drysdale

From Linux Kernel Security Subsystem
Revision as of 16:06, 15 July 2014 by JamesMorris (talk | contribs) (New page: == Title == Capsicum on Linux == Presenter == David Drysdale, Google == Abstract == Capsicum is a lightweight security framework, blending concepts from object-capability security wit...)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

Title

Capsicum on Linux

Presenter

David Drysdale, Google

Abstract

Capsicum is a lightweight security framework, blending concepts from object-capability security with POSIX operating system semantics.

In particular, Capsicum allows the operations that can be performed on individual file descriptors to be restricted to those specified by a set of fine-grained rights.

Capsicum also implements capability mode, which restricts a process from using system calls that access global namespaces (such as the directory hierarchy or IP:port space), and so prevents access to any new resources.

The combination of these features allows security-aware applications to sandbox themselves in a precise manner, without relying on external policy.

Capsicum was originally created at the University of Cambridge Computing Laboratory [1] and implemented in FreeBSD 9.0. Google is currently implementing equivalent functionality for the Linux kernel.

This discussion topic covers the core concepts of Capsicum, together with the specific issues arising from the Linux kernel implementation.


[1] http://www.cl.cam.ac.uk/research/security/capsicum/papers/2010usenix-security-capsicum-website.pdf