Version 1.5b Castle in the Sky

lecture: CloudABI

Pure capability-based security for UNIX

Event large 4b8aa978adbb7c8e80151f5a83c6782a12e763374ae3a042a55e7e626a64d93b

CloudABI is an alternative runtime environment for UNIX-like operating systems that is purely based on the principle of capability-based security. This makes it possible to create applications that are strongly sandboxed, easier to test and easier to maintain.

UNIX-like operating systems don't seem to make it easy to sandbox programs to harden them against exploits. They also don't allow you to run untrusted executables directly without compromising security, which is the reason why we require technology like virtual machines and containers to secure our systems.

I am going to talk about a system I am developing called CloudABI. CloudABI is a simplified POSIX-like runtime environment that is inspired by FreeBSD's Capsicum. It allows you to create exectables that can solely interact with the environment through file descriptors (capabilities). This not only makes CloudABI more secure than the traditional POSIX runtime, it also makes it easier to test programs through dependency injection. This makes CloudABI a perfect environment for developing microservices.

In my presentation I am going to focus on how CloudABI works, how you can develop software for it and how it works in practice.

Info

Day: 2015-12-28
Start time: 12:45
Duration: 01:00
Room: Hall 6
Track: Security
Language: en

Links:

Files

Feedback

Click here to let us know how you liked this event.

Concurrent Events

Hall 2
Net Neutrality in Europe
Hall G
Lightning Talks Day 2