Version 1.5b Castle in the Sky
Pure capability-based security for UNIX
CloudABI is an alternative runtime environment for UNIX-like operating systems that is purely based on the principle of capability-based security. This makes it possible to create applications that are strongly sandboxed, easier to test and easier to maintain.
UNIX-like operating systems don't seem to make it easy to sandbox programs to harden them against exploits. They also don't allow you to run untrusted executables directly without compromising security, which is the reason why we require technology like virtual machines and containers to secure our systems.
I am going to talk about a system I am developing called CloudABI. CloudABI is a simplified POSIX-like runtime environment that is inspired by FreeBSD's Capsicum. It allows you to create exectables that can solely interact with the environment through file descriptors (capabilities). This not only makes CloudABI more secure than the traditional POSIX runtime, it also makes it easier to test programs through dependency injection. This makes CloudABI a perfect environment for developing microservices.
In my presentation I am going to focus on how CloudABI works, how you can develop software for it and how it works in practice.
Start time: 12:45
Room: Hall 6
- CloudABI on GitHub
- Software ported to CloudABI: the CloudABI Ports Collection
- Video Recording