CloudABI: Cloud computing meets fine-grained capabilities

CloudABI is a new runtime environment that attempts to make it easier to use UNIX-like operating systems at the core of a cluster/cloud computing platform.

Instead of offering full machine virtualization (e.g., KVM, Xen, bhyve) or requiring the use of intrusive OS-level virtualization techniques (e.g., LXC, FreeBSD Jails, Solaris Zones), end users can simply provide a set of binaries that communicate with the operating system over a secure and compact POSIX-like interface. CloudABI allows you to run untrusted programs directly on top of a UNIX kernel, without compromising security and without requiring complex configuration.

CloudABI makes strong use of capability-based security. Instead of determining the rights of an application through complex ACLs, access to resources is determined by a set of tokens (in this case, file descriptors) that can be altered at run-time. This allows software engineers to harden their software by applying 'defense in depth'.

In this presentation I will discuss several design aspects of CloudABI and how it can be used to make UNIX software more reliable, more secure and easier to test and deploy.

Length: 51:27
Views 60 Likes: 0
Recorded on 2015-11-28 at T-DOSE
Look for other videos at T-DOSE.
Tweet this video
cloud cloudABI