Void Processes: Minimising privilege by default
This is an idea proposed in 2021 as a Cambridge Computer Science Part III or MPhil project, and has been completed by Jake Hillion. It was supervised by Anil Madhavapeddy.
Void processes are intended to make it easier for all developers to produce effectively privilege-separated applications. The project has two primary goals: to show the merits of starting from zero privilege, and to provide the utilities that make this feasible for the average developer.
Building void processes involves first reliably removing all privilege from a process, then systematically adding back only what is required and no more. This project uses Linux namespaces to revoke privilege from an application, showing how this can be done and why it is easier in some domains than others. It then shows how to inject sufficient privilege for applications to perform useful work, developing new APIs that are friendly to privilege separation. These elements compose a shim called the "void orchestrator", a framework for restricting Linux processes.
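To make "starting from zero privilege" concrete, here is an added example (not code from the void orchestrator) that checks whether a Linux process is actually in that void state: every capability set empty and NoNewPrivs set, as reported by the Cap* and NoNewPrivs lines of /proc/self/status. The function names and the status text used in the test are constructed for this example.

```c
/* Added example, not void-orchestrator code: verify the "void" state on Linux
 * by parsing the capability sets and NoNewPrivs flag from /proc/<pid>/status. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Find "Key:<ws>value" in status text; Cap* values are hex, NoNewPrivs is 0/1.
 * Returns 1 and stores the value in *out, or 0 if the key is absent. */
static int status_field(const char *status, const char *key, uint64_t *out) {
    size_t klen = strlen(key);
    for (const char *p = status; p && *p; p = p ? p + 1 : NULL) {
        if (strncmp(p, key, klen) == 0 && p[klen] == ':') {
            *out = strtoull(p + klen + 1, NULL, 16);
            return 1;
        }
        p = strchr(p, '\n');           /* advance to the next line */
    }
    return 0;
}

/* 1 if the process holds no capability in any set and cannot regain privilege
 * through setuid/fscap binaries (NoNewPrivs=1); 0 if not void; -1 if a
 * required field is missing (old kernel, or not Linux). */
int is_void_status(const char *status) {
    static const char *sets[] = {"CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"};
    uint64_t v;
    for (size_t i = 0; i < sizeof sets / sizeof sets[0]; i++) {
        if (!status_field(status, sets[i], &v)) return -1;
        if (v != 0) return 0;
    }
    if (!status_field(status, "NoNewPrivs", &v)) return -1;
    return v == 1;
}

/* Number of capabilities left in the bounding set: the most a void process
 * could ever regain, so the figure that must be driven to zero. */
int bounding_caps(const char *status) {
    uint64_t v;
    int n = 0;
    if (!status_field(status, "CapBnd", &v)) return -1;
    for (; v; v &= v - 1) n++;         /* popcount */
    return n;
}

/* Apply the check to the calling process. */
int check_self(void) {
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return is_void_status(buf);
}
```

Run inside a process prepared by the orchestrator (or any sandbox) to confirm it really holds nothing; a shell started normally will report "not void" because CapBnd is still full.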
Links
- The dissertation is available as a PDF, with associated blog post and LaTeX source.
- The source code to the void orchestrator prototype is at jakehillion/void-orchestrator.