Version almost final
lecture: CloudABI
Cloud computing meets fine-grained capabilities
CloudABI is a new runtime environment that attempts to make it easier to use UNIX-like operating systems at the core of a cluster/cloud computing platform.
Instead of offering full machine virtualization (e.g., KVM, Xen, bhyve) or requiring the use of intrusive OS-level virtualization techniques (e.g., LXC, FreeBSD Jails, Solaris Zones), end users can simply provide a set of binaries that communicate with the operating system over a secure and compact POSIX-like interface. CloudABI allows you to run untrusted programs directly on top of a UNIX kernel, without compromising security and without requiring complex configuration.
CloudABI makes strong use of capability-based security. Instead of determining the rights of an application through complex ACLs, access to resources is determined by a set of tokens (in this case, file descriptors) that can be altered at run-time. This allows software engineers to harden their software by applying 'defense in depth'.
In this presentation I will discuss several design aspects of CloudABI and how it can be used to make UNIX software more reliable, more secure and easier to test and deploy.
Info
Day:
2015-08-22
Start time:
16:30
Duration:
01:00
Room:
HS 5
Track:
Security
Language:
en
Links:
Feedback
Click here to let us know how you liked this event.
Concurrent events
- HS 8
- Humanising Math and Physics
- HS 3
- Bloonix
- HS 4
- Webcrawler
- C117 (Workshops 2)
- Docker Workshop
- HS 7
- Mein Server läuft auch ohne Kunden
- C120 (Java)
- Apache Solr 5
- C118 (PHP)
- Destructing PHP
- C116 (Cologne.js)
- Don't cross the sites!
- C119 (Python/Wordpress)
- Unit-Tests für Einsteiger
- HS 1
- Situation Normal, Everything Must Change
Speakers
 |
Ed Schouten |