CaitSith - a new type of rule based in-kernel access control

A session at LinuxCon North America 2012

  • Tetsuo Handa

Wednesday 29th August, 2012

2:00pm to 2:45pm (PST)

There have been various attempts to enforce rule-based access control in the Linux kernel. Many distributions nowadays enable some of the in-tree LSM modules. However, many people still disable these modules because they find them too complicated to use. Although the white-listing approach is more popular than the black-listing approach among security experts, the black-listing approach seems to be popular among those who are not security experts. This presentation proposes CaitSith, a new type of rule-based access control that mixes the capability model and the ACL model. The rules in CaitSith are similar to those of a network firewall and allow a black-listing approach.

The expected audience is Linux users who disable in-tree LSM modules or are looking for a simpler form of in-kernel access control. Attendees will learn why CaitSith was developed and the basic usage of CaitSith.
