EuroPython 2016

CloudABI: Capability based security on Linux/Unix

Speaker(s) Alex Willmer

CloudABI is a new POSIX-based computing environment that brings capability-based security to BSD, Linux, OS X et al.

Unlike a traditional Unix process, a CloudABI process that goes rogue cannot execute arbitrary binaries or read arbitrary files. This is achieved by removing open() and every other API that can acquire a global resource by name. Instead, a CloudABI process must be granted capabilities to specific resources (e.g. directories, files, sockets) in the form of file descriptors, and it can only open further files relative to a directory descriptor it already holds (openat() style). If a process only holds a descriptor for /var/www then it is incapable of affecting any file or directory outside that tree: a path that would escape it, whether absolute or via "..", is rejected by the kernel.
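The access pattern described above, shown as an added example that is not code from the talk or from the CloudABI project. It uses stock CPython on Linux: every file operation goes through os.open(..., dir_fd=...) relative to a single directory descriptor, which is the only way a CloudABI program can reach a file. Because the Linux kernel will happily follow an absolute path or ".." even when dir_fd is given, the example adds an explicit check_relative() guard to emulate the confinement that the CloudABI kernel enforces itself (where the failure is ENOTCAPABLE); the guard, the NotCapable exception and the demo() scenario are this example's own constructions, not CloudABI APIs.

```python
import os
import tempfile


class NotCapable(PermissionError):
    """Emulates CloudABI's ENOTCAPABLE: the path names something outside
    the directory capability the process holds (hypothetical helper)."""


def check_relative(path):
    # CloudABI has no global namespace: absolute paths cannot be resolved at
    # all, and ".." must not climb out of the directory descriptor. On Linux
    # the kernel does not enforce this for openat(), so we check it here.
    if os.path.isabs(path):
        raise NotCapable("absolute path %r needs a global namespace" % path)
    if ".." in path.split(os.sep):
        raise NotCapable("path %r would escape the directory" % path)
    return path


def open_in(dir_fd, path, flags=os.O_RDONLY, mode=0o600):
    """Open `path` relative to the directory capability `dir_fd`."""
    check_relative(path)
    return os.open(path, flags, mode, dir_fd=dir_fd)


def write_file(dir_fd, path, data):
    fd = open_in(dir_fd, path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC)
    try:
        os.write(fd, data)
    finally:
        os.close(fd)


def read_file(dir_fd, path):
    fd = open_in(dir_fd, path)
    try:
        chunks = []
        while True:
            chunk = os.read(fd, 4096)
            if not chunk:
                break
            chunks.append(chunk)
        return b"".join(chunks)
    finally:
        os.close(fd)


def demo():
    """Stand-in for /var/www: a constructed temporary directory is the only
    capability granted. Returns what each access attempt produced."""
    results = {}
    with tempfile.TemporaryDirectory() as www:
        dir_fd = os.open(www, os.O_RDONLY)  # the one capability we hold
        try:
            write_file(dir_fd, "index.html", b"<h1>hello</h1>")
            results["inside"] = read_file(dir_fd, "index.html")
            # Both of these are legal Unix paths but name resources the
            # process was never granted a descriptor for.
            for bad in ("/etc/passwd", "../outside.txt"):
                try:
                    read_file(dir_fd, bad)
                    results[bad] = "opened"
                except NotCapable:
                    results[bad] = "ENOTCAPABLE"
        finally:
            os.close(dir_fd)
    return results


if __name__ == "__main__":
    for target, outcome in demo().items():
        print("%-16s %r" % (target, outcome))
```

Running it shows the in-tree file round-tripping while both escape attempts fail before any syscall is made. On a real CloudABI kernel the check_relative() guard is redundant: openat() with an absolute path or an escaping ".." fails on its own, which is exactly why a compromised CloudABI process cannot wander off into the rest of the filesystem.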

This talk will

  • Review the security & reusability problems of Linux & Unix processes
  • Introduce capability-based security
  • Summarize the design of CloudABI - its benefits & trade-offs
  • Demonstrate how to write Python software for CloudABI & run it
  • Point out the pitfalls & gotchas to be aware of
  • Discuss the current & future status of CloudABI

CloudABI began life on FreeBSD. It also runs on DragonFly BSD, NetBSD, PC-BSD, Arch Linux, Debian, Ubuntu, & OS X. The API & ABI are kernel agnostic: a CloudABI binary can run unmodified on any supported kernel. The design evolved from Capsicum, a FreeBSD kernel facility that lets a running process drop access to global namespaces (and the system calls that use them) by entering capability mode. CloudABI applies the same restriction at build time, so a binary is confined from its first instruction, which makes testing & lock-down easier.

Tuesday 19 July at 11:15