[Cryptography] Capability Systems

Jeff Burdges burdges at gnunet.org
Tue Aug 30 18:39:00 EDT 2016


On Tue, 2016-08-30 at 17:24 -0400, Perry E. Metzger wrote:
> Capability systems are an underused tool. I was very impressed a few
> years ago by Robert Watson et al's "Capsicum" paper, which showed how
> to graft a capability system on top of a POSIX style OS in a fairly
> reasonable fashion.
> https://www.usenix.org/legacy/event/sec10/tech/full_papers/Watson.pdf

In this vein, there is a thin libc alternative called CloudABI that
attempts to impose a capability-like approach at the library level.  I
wondered if the C world might be the wrong audience for this though...

The Rust community otoh is both more security conscious and happier to
experiment.  And the ecosystem is developing rapidly.  And several of
the larger projects in Rust right now tend to be highly security
conscious, like the HTML Engine Servo or the kernel Redox.

I therefore suspect a capability oriented fork of Rust's standard
library could gain some real traction, possibly replacing the current
standard library, influencing future kernels, etc. 

It's imho the right moment in time for capability advocates to rebuild
the Rust standard library the way they'd want it. 

Best,
Jeff
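To make the "capability-oriented standard library" idea above concrete, here is an added example in Rust that is not part of the thread, and is not code from CloudABI, Capsicum or any real Rust fork. It sketches the discipline those systems impose: there is no global `open(path)`; the only way to touch the filesystem is through an unforgeable `DirCap` handle (a hypothetical name) that designates a directory subtree and carries a `Rights` set, and a holder can only ever derive weaker handles from it. The single `from_ambient` constructor is where ambient authority is used; in a capability-style runtime that call would be replaced by the handles the program receives at startup.

```rust
// Added example (not from the thread): a minimal capability-style file API in Rust.
// Authority flows only through an unforgeable `DirCap`; there is no path-based
// global `open`. Names `DirCap`, `Rights`, `from_ambient` are hypothetical.
use std::fs::{self, File, OpenOptions};
use std::io::{self, Read, Write};
use std::path::{Component, Path, PathBuf};

/// Rights carried by a directory capability. Attenuation can only clear bits.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub struct Rights {
    pub read: bool,
    pub write: bool,
}

/// Handle to a directory subtree. Holders can act only inside it, with at most
/// the rights it carries. The root is stored canonicalized so that a symlink
/// inside the subtree pointing outside is caught by the prefix check below.
pub struct DirCap {
    root: PathBuf,
    rights: Rights,
}

fn denied(msg: &str) -> io::Error {
    io::Error::new(io::ErrorKind::PermissionDenied, msg.to_string())
}

impl DirCap {
    /// The one place ambient (global-namespace) authority is exercised. In a
    /// capability-oriented std this is the runtime handing out initial handles.
    pub fn from_ambient(root: impl AsRef<Path>, rights: Rights) -> io::Result<DirCap> {
        Ok(DirCap { root: fs::canonicalize(root)?, rights })
    }

    /// Derive a weaker capability: rights can be dropped, never regained.
    pub fn attenuate(&self, rights: Rights) -> DirCap {
        DirCap {
            root: self.root.clone(),
            rights: Rights {
                read: self.rights.read && rights.read,
                write: self.rights.write && rights.write,
            },
        }
    }

    /// Lexically confine a relative path: absolute paths, `..` and prefixes are
    /// rejected before anything touches the filesystem.
    pub fn resolve(&self, rel: impl AsRef<Path>) -> io::Result<PathBuf> {
        let mut out = self.root.clone();
        for c in rel.as_ref().components() {
            match c {
                Component::Normal(seg) => out.push(seg),
                Component::CurDir => {}
                _ => return Err(denied("path escapes capability")),
            }
        }
        Ok(out)
    }

    /// Second line of defence for existing paths: canonicalize and require the
    /// result to stay under the canonical root (the lexical check alone misses
    /// symlinks that point outside the subtree).
    fn confine_existing(&self, p: &Path) -> io::Result<PathBuf> {
        let real = fs::canonicalize(p)?;
        if real.starts_with(&self.root) { Ok(real) } else { Err(denied("symlink escapes capability")) }
    }

    pub fn open_read(&self, rel: impl AsRef<Path>) -> io::Result<File> {
        if !self.rights.read { return Err(denied("capability lacks read right")); }
        let p = self.confine_existing(&self.resolve(rel)?)?;
        File::open(p)
    }

    pub fn create_write(&self, rel: impl AsRef<Path>) -> io::Result<File> {
        if !self.rights.write { return Err(denied("capability lacks write right")); }
        let p = self.resolve(rel)?;
        // The file may not exist yet, so confine its parent directory instead.
        let parent = p.parent().ok_or_else(|| denied("no parent directory"))?;
        let real_parent = self.confine_existing(parent)?;
        let name = p.file_name().ok_or_else(|| denied("no file name"))?;
        OpenOptions::new().write(true).create(true).truncate(true).open(real_parent.join(name))
    }
}

fn main() -> io::Result<()> {
    // Constructed sandbox directory for the demonstration.
    let tmp = std::env::temp_dir().join(format!("capdemo-{}", std::process::id()));
    fs::create_dir_all(&tmp)?;
    let cap = DirCap::from_ambient(&tmp, Rights { read: true, write: true })?;
    cap.create_write("notes.txt")?.write_all(b"hello")?;
    let ro = cap.attenuate(Rights { read: true, write: false });
    let mut s = String::new();
    ro.open_read("notes.txt")?.read_to_string(&mut s)?;
    println!("read back through read-only cap: {s}");
    println!("'../x' rejected: {}", ro.resolve("../x").is_err());
    println!("write through read-only cap rejected: {}", ro.create_write("x").is_err());
    fs::remove_dir_all(&tmp)
}
```

The point of the shape, rather than the details, is that a function taking a `DirCap` can be audited by looking at what it is handed, not at every path string it might construct; that is the property CloudABI enforces by omitting path-based syscalls from its libc and Capsicum by stripping ambient authority after `cap_enter`.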

