Source blog: Light Blue Touchpaper
Research Assistants and Associates in OS, Compiler and CPU Security
We are pleased to announce a job ad for two new research assistants or post-doctoral research associates working on our CTSRD Project, whose target research areas include OS, compiler, and CPU security. This is a joint project between the University of Cambridge’s Security, NetOS, and Computer Architecture research groups, as well as the Computer Science [...]
2013 Capsicum year in review
It’s been a busy year for Capsicum, practical capabilities for UNIX, so a year-end update seemed in order: The FreeBSD Foundation and Google jointly funded a Capsicum Integration Project that took place throughout 2013 — described by Foundation project technical director Ed Maste in a recent blog article. Pawel Jakub Dawidek refined several Capsicum APIs, improving [...]
Google funding of open-source security projects
I was pleased to contribute to a recent blog article by Ben Laurie, a frequent collaborator with the Cambridge security group, on the Google Open Source Programs Office blog. We describe open-source security work OSPO has sponsored over the last couple of years, including our joint work on Capsicum, and its followup projects funded jointly [...]
Job ad: pre- and post-doctoral posts in processor, operating system, and compiler security
The CTSRD Project is advertising two posts in processor, operating system, and compiler security. The first is a research assistant position, suitable for candidates who may not have a research background, and the second is a post-doctoral research associate position suitable for candidates who have completed (or will shortly complete) a PhD in computer science [...]
CACM: A decade of OS access-control extensibility
Operating-system access control technology has undergone a remarkable transformation over the last fifteen years as appliance, embedded, and mobile device vendors transitioned from dedicated “embedded operating systems” to general-purpose ones — often based on open-source UNIX and Linux variants. Device vendors look to upstream operating system authors to provide the critical low-level software foundations for [...]
Interviews on the clean-slate design argument
Over the past two years, Peter G. Neumann and I, along with a host of collaborators at SRI International and the University of Cambridge Computer Laboratory, have been pursuing CTSRD, a joint computer-security research project exploring fundamental revisions to CPU design, operating systems, and application program structure. Recently we’ve been talking about the social, economic, [...]
CFP: Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE 2013)
This year, we presented two papers at RESoLVE 2012 relating to the structure of operating systems and hardware, one focused on CPU instruction set security features out of our CTSRD project, and another on efficient and reconfigurable communications in data centres out of our MRC2 project. I’m pleased to announce the Call for Papers for RESoLVE [...]
ACM Queue interview on research into the hardware-software interface
ACM Queue has posted my August 2012 interview on research into the hardware-software interface. We discuss the importance of a whole-stack view in addressing contemporary application security problems, which are often grounded in how we represent and execute software over lower-level substrates. We need to consider CPU design, operating systems, programming languages, applications, and formal [...]
Call for papers: Workshop on Adaptive Host and Network Security
Stu Wagner, Bob Laddaga, and I are pleased to announce the call for papers for a new Workshop on Adaptive Host and Network Security, to take place at the Sixth IEEE Conference on Self-Adaptive and Self-Organizing Systems in September 2012 in Lyon, France. Over the past decade the threat of cyber attacks on critical commercial and [...]
Job ad: post-doctoral researcher in security, operating systems, computer architecture
We are pleased to announce a job opening at the University of Cambridge Computer Laboratory for a post-doctoral researcher working in the areas of security, operating systems, and computer architecture. Research Associate in compiler-assisted instrumentation of operating system kernels; University of Cambridge – Faculty of Computer Science and Technology; Salary: £27,578-£35,938 pa. The funds for this post are available [...]
Capsicum in CACM Research Highlights
The Research Highlights section of Communications of the ACM from March 2012 features two articles on Capsicum, collaborative research by the Cambridge security group and Google on capability-oriented security for contemporary operating systems. The first, Technical Perspective: The Benefits of Capability-Based Protection by Steven Gribble, considers the value of capability systems (such as Capsicum) in [...]
Three-paper Thursday: capability systems
This week, my contribution to our three-paper Thursday research reading list series is on capability systems. Capabilities are unforgeable tokens of authority — capability systems are hardware, operating, or programming systems in which access to resources can occur only using capabilities. Capability system research in the 1970s motivated many fundamental insights into practical articulations of [...]
FreeBSD 9.0 ships with experimental Capsicum support
Jon Anderson, Ben Laurie, Kris Kennaway, and I were pleased to see prominent mention of Capsicum in the recent FreeBSD 9.0 press release: Continuing its heritage of innovating in the area of security research, FreeBSD 9.0 introduces Capsicum. Capsicum is a lightweight framework which extends a POSIX UNIX kernel to support new security capabilities and adds [...]
Job ad: post-doctoral researcher in security, operating systems, computer architecture
We are very pleased to announce a job opening at the University of Cambridge Computer Laboratory for a post-doctoral researcher working in the areas of security, operating systems, and computer architecture.
Capsicum: practical capabilities for UNIX
Today, Jonathan Anderson, Ben Laurie, Kris Kennaway, and I presented Capsicum: practical capabilities for UNIX at the 19th USENIX Security Symposium in Washington, DC; the slides can be found on the Capsicum web site. We argue that capability design principles fill a gap left by discretionary access control (DAC) and mandatory access control (MAC) in [...]