Date: Thu, 16 Apr 2015 17:32:47 +0200 From: Ed Schouten <ed@nuxi.nl> To: hackers@freebsd.org Subject: CloudABI: Taking capability-based security to the next level? Message-ID: <CABh_MK=44rw_vxMbXc_%2Bakpgkt%2BuUVb_dHhRzkpv8nGdcBpT5g@mail.gmail.com>
Hello fellow FreeBSD hackers,

If you are planning on attending BSDCan this year, you may have noticed that I am going to give a talk on something mysterious called CloudABI[1]. I thought it would make sense to also announce its availability here before the conference.

Before you read the announcement below, I would like to invite you to read a manifesto on capability-based security that I wrote. This document tries to explain the necessity for a system like CloudABI.

https://docs.google.com/a/nuxi.nl/document/d/1tW_4CDRuy7HZSkUd6AcDccga_efuIx6ZoyNV9ZLXbJ8/edit

# What is CloudABI?

CloudABI is an alternative POSIX-like runtime environment that is purely based on the principles behind Capsicum. It can be used to design complex applications that behave correctly in an environment that enforces capability-based security.

CloudABI executables can be executed in such a way that they expose as little as possible about the host operating system, making it perfectly suitable as a building block for a safe and secure cluster/cloud computing setup. It could also be used to add support for untrusted plugins and extensions to existing applications (like Google's Native Client, but not tied to a browser).

Compared to FreeBSD's binary interface, CloudABI is extremely compact (~60 system calls). The idea behind this is that adding support for CloudABI to existing operating systems should not be hard. An implementation for FreeBSD exists and support for Linux is planned. The intent is that binaries can be executed on multiple operating systems without requiring any recompilation.

Support for CloudABI has already been upstreamed to LLVM/Clang and Binutils. It is therefore very easy to build and install a cross compiler for CloudABI. Cross compilation has already been tested to work on Linux, FreeBSD and Mac OS X.

CloudABI ships with a C library called cloudlibc. This C library has been designed in such a way that it works reliably in a sandboxed environment. Features that are known to break when using Capsicum on FreeBSD (timezones, locales) still work properly with cloudlibc. cloudlibc has high testing coverage. This high testing coverage will also play a crucial role in ensuring that operating systems implement support for CloudABI consistently.

All of CloudABI is and will remain MIT/BSD licensed. The code can be found on GitHub:

cloudlibc: https://github.com/NuxiNL/cloudlibc
FreeBSD kernel modifications: https://github.com/NuxiNL/freebsd

CloudABI has been developed by Nuxi, a company that I founded last year. Nuxi plans on offering commercial support on CloudABI and its components. Interested in hearing how CloudABI can make your product more secure? Please get in touch at info@nuxi.nl to see if there's anything we can do to help out!

# Where to go from here?

My goal is to present CloudABI at BSDCan and discuss all the fine details with anyone who is interested. Does the idea behind CloudABI sound appealing to you? Can you think of killer use cases? Be sure to talk to me at the conference. If you won't be attending BSDCan this year: no problem! Emails are also appreciated.

In my opinion it would make sense to have support for CloudABI integrated into FreeBSD by the time the kernel module becomes more mature. Expect to see more discussions on the mailing lists by the time that happens.

In the meantime, be sure to give CloudABI a try and let us know what you think. Instructions on how to obtain a toolchain and patch up your FreeBSD kernel are provided on cloudlibc's GitHub page. We'd love to hear your opinion!

Thanks,

--
Ed Schouten <ed@nuxi.nl>

[1] CloudABI at BSDCan: http://www.bsdcan.org/2015/schedule/events/524.en.html
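The file-access rule that Capsicum and CloudABI build on, as an added illustration that is not cloudlibc or CloudABI code: a process holds no global filesystem namespace, so a file is reachable only through a directory descriptor it was handed, and requests that would leave that directory (absolute paths, `..`) are refused. The names `cap_open_relative` and `demo_capability_open` and the `/tmp` sandbox path are hypothetical; the check is done in user space here only to show the policy, whereas Capsicum enforces it in the kernel.

```c
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Return 1 if the path could leave the directory: absolute, or any ".."
 * component. Capsicum enforces this rule in the kernel; this user-space
 * check only illustrates it. */
static int path_escapes(const char *path) {
    if (path == NULL || path[0] == '/') return 1;
    for (const char *p = path; *p; ) {
        const char *end = strchr(p, '/');
        size_t n = end ? (size_t)(end - p) : strlen(p);
        if (n == 2 && p[0] == '.' && p[1] == '.') return 1;
        if (end == NULL) break;
        p = end + 1;
    }
    return 0;
}

/* Capability-style open (hypothetical helper): files are reachable only
 * through a directory descriptor the caller already holds. */
int cap_open_relative(int dirfd, const char *path, int flags) {
    if (path_escapes(path)) { errno = EACCES; return -1; }
    return openat(dirfd, path, flags);
}

/* Self-check on a constructed sandbox directory holding one file.
 * Returns how many of the three expectations held (3 on success). */
int demo_capability_open(void) {
    char dir[] = "/tmp/cloudabi_demo_XXXXXX";   /* constructed sample path */
    if (mkdtemp(dir) == NULL) return -1;
    int dirfd = open(dir, O_RDONLY | O_DIRECTORY);
    int fd = openat(dirfd, "config.txt", O_WRONLY | O_CREAT, 0600);
    if (dirfd < 0 || fd < 0) return -1;
    close(fd);
    int ok = 0;
    /* A file beneath the held directory is admitted... */
    if ((fd = cap_open_relative(dirfd, "config.txt", O_RDONLY)) >= 0) { ok++; close(fd); }
    /* ...but the host's timezone database is not reachable by absolute path or ".." */
    if (cap_open_relative(dirfd, "/etc/localtime", O_RDONLY) < 0 && errno == EACCES) ok++;
    if (cap_open_relative(dirfd, "../../etc/localtime", O_RDONLY) < 0 && errno == EACCES) ok++;
    unlinkat(dirfd, "config.txt", 0);
    close(dirfd);
    rmdir(dir);
    return ok;
}
```

This is why a libc for such an environment has to resolve timezones and locales without opening host paths; the demo just shows the rule that makes the host copies unreachable.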