tech-kern archive


Re: Introducing CloudABI: a pure capability-based runtime for NetBSD (and other systems)



On Thu, Jun 25, 2015 at 03:11:51PM +0200, Ed Schouten wrote:
> Hello NetBSD hackers,
> 
> Two weeks ago I gave a talk at BSDCan about something I've been
> working on for the last half a year called CloudABI[1]. In short,
> CloudABI is an alternative UNIX-like runtime environment that purely
> uses capability-based security, strongly influenced by Capsicum[2].

Ed,

It has always seemed to me that it will be easier for a user to form and
to operate a mental model for a capability system, especially if the
system makes the capabilities visible, than to model any rules-based
system.  So capabilities have always looked like a good foundation for
building *usable* security.

Initially, I was very excited about Capsicum, "practical capabilities
for UNIX".  But it seems like Capsicum isn't for users, it is for
developers: in the examples I have read, you have to modify a program's
source to make good use of Capsicum.  That seems like an unnecessarily
high barrier to use.

That brings me to my question about CloudABI.  It sounds like CloudABI
is aimed at developers, who would adapt programs to work with the new
run-time?  Or is there an upside to CloudABI for users, too?

Dave

-- 
David Young
dyoung%pobox.com@localhost    Urbana, IL    (217) 721-9981

