KernelTrap: Secure Computing API

“Andrea Arcangli released an updated version of his secure
computing patch for the 2.6 Linux kernel. Along with the
announcement, Andrea also provides an interesting overview
discussing how the patch is implemented and how it can be useful to
others beyond himself. His own interests in the seccomp patch is
for his cpushare project which aims to offer the ability to buy and
sell spare cpu cycles over the internet. Describing his patch, he
begins, ‘for my purpose seccomp is the most robust and secure API I
could desire. Adding genericity isn’t the object, the object is to
keep it simple and obviously safe and as hard as possible to break.
I plan to eventually go a bit more complex (and in turn a bit less
secure from the point of view of the seller) with xen-like trusted
computing later once there will be enough hardware in the market to
make it worthwhile…'”