From: Hans Reiser <reiser@namesys.com>
To: LKML <linux-kernel@vger.kernel.org>,
ReiserFS List <reiserfs-list@namesys.com>
Subject: Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project
Date: Sun, 01 Aug 2004 18:20:28 -0700 [thread overview]
Message-ID: <410D96DC.1060405@namesys.com> (raw)
You can think of this as chroot on steroids. The idea is to use the
concept of views, in which one specifies a description of what in the fs
should be visible in the view, and extend them to become "tracing views"
which automate the creation of "viewprints", which contain what a
process attempted to access during some period when it was being
supervised, and then use these viewprints to conveniently specify a view
that defines what the process should be allowed to access. It is not
that this is better than chroot, it is that it is to be made much less
human work to use than chroot, as chroot is used much too rarely in
practice.
Another concept of the proposal is that of process oriented security, as
opposed to the object oriented security usual to filesystems. These
viewprints will be associated with the executables of the processes
being isolated, not with the files, and this is academically amusing as
a distinction I think.
You can find details of our proposal at
www.namesys.com/blackbox_security.html. You have to be able to perform
the work in the US (a government requirement for this contract), which
means that I cannot use my current Russian staff (the US State
department is making it hard to get visas these days).
If you have an interest in filesystems, views, security, and the linux
kernel, you might find it fun. It should be a nice opportunity for an
ambitious young software architect, and I like to think that the people
who work for me learn a bit. The infrastructure you will help spec out
will be useful for lots of other purposes besides security (version
control, search refinement, etc.) The work will be GPL'd, etc.
If you would like to know more about namesys and reiser4, you can look
at www.namesys.com
Please email me directly if it interests you rather than just responding
to the thread.
Hans
next reply other threads:[~2004-08-02 1:20 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-08-02 1:20 Hans Reiser [this message]
2004-08-25 20:25 ` Using fs views to isolate untrusted processes: I need an assistant architect in the USA for Phase I of a DARPA funded linux kernel project Rik van Riel
2004-08-25 20:56 ` Tim Hockin
2004-08-25 21:23 ` Mike Waychison
2004-08-26 6:31 ` Hans Reiser
2004-08-26 13:59 ` Stephen Smalley
2004-08-25 23:19 ` Kyle Moffett
2004-08-26 0:16 ` Mike Waychison
2004-08-26 0:50 ` Kyle Moffett
2004-08-26 1:06 ` Chris Wright
2004-08-26 4:16 ` Kyle Moffett
2004-08-26 4:29 ` viro
2004-08-26 4:52 ` Kyle Moffett
2004-08-26 5:01 ` viro
2004-08-26 0:56 ` Chris Wright
2004-08-26 7:52 ` Hans Reiser
2004-08-26 8:48 ` Hans Reiser
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=410D96DC.1060405@namesys.com \
--to=reiser@namesys.com \
--cc=linux-kernel@vger.kernel.org \
--cc=reiserfs-list@namesys.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox