Using fs views to isolate untrusted processes: I need an assistantarchitect in the USA for Phase I of a DARPA funded linux kernel project

From: Hans Reiser
Date: Sun Aug 01 2004 - 20:21:44 EST

Next message: Rik van Riel: "Re: [PATCH] token based thrashing control"
Previous message: Tommy Reynolds: "Re: Oops in register_chrdev, what did I do?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

You can think of this as chroot on steroids. The idea is to use the concept of views, in which one specifies a description of what in the fs should be visible in the view, and extend them to become "tracing views" which automate the creation of "viewprints", which contain what a process attempted to access during some period when it was being supervised, and then use these viewprints to conveniently specify a view that defines what the process should be allowed to access. It is not that this is better than chroot, it is that it is to be made much less human work to use than chroot, as chroot is used much too rarely in practice.

Another concept of the proposal is that of process oriented security, as opposed to the object oriented security usual to filesystems. These viewprints will be associated with the executables of the processes being isolated, not with the files, and this is academically amusing as a distinction I think.

You can find details of our proposal at www.namesys.com/blackbox_security.html. You have to be able to perform the work in the US (a government requirement for this contract), which means that I cannot use my current Russian staff (the US State department is making it hard to get visas these days).

If you have an interest in filesystems, views, security, and the linux kernel, you might find it fun. It should be a nice opportunity for an ambitious young software architect, and I like to think that the people who work for me learn a bit. The infrastructure you will help spec out will be useful for lots of other purposes besides security (version control, search refinement, etc.) The work will be GPL'd, etc.

If you would like to know more about namesys and reiser4, you can look at www.namesys.com

Please email me directly if it interests you rather than just responding to the thread.

Hans
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rik van Riel: "Re: [PATCH] token based thrashing control"
Previous message: Tommy Reynolds: "Re: Oops in register_chrdev, what did I do?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]