There have been various attempts to enforce rule-based access control in the Linux kernel, and many distributions now enable some of the in-tree LSM modules. However, many people still disable these modules because they find them too complicated to use. Although the whitelisting approach is more popular among security experts than the blacklisting approach, the blacklisting approach seems to be more popular among those who are not security experts. In this presentation, CaitSith, a new type of rule-based access control that mixes the capability model and the ACL model, is proposed. The rules in CaitSith are similar to those of a network firewall and allow a blacklisting approach.
The expected audience is Linux users who are disabling the in-tree LSM modules or seeking a more simplified form of in-kernel access control. Attendees will learn why CaitSith was developed and the basic usage of CaitSith.