I've uploaded my own Japanese translation of Jobs's speech at Stanford University at http://www.slideshare.net/haradats/youve-got-to-find-what-you-love-jobs-says.
If you treasure the original speech like I do, why don't you make and share your version in your language?
This kit is a LaTeX template including the speech text. All you need to do is replace "*Your*" with translations and compile.
Enjoy.
Hint:
To adjust the horizontal positions of paragraphs, \baselineskip is handy.
Note:
The original text, which has been published at Stanford University, is slightly different from the spoken words. My guess is that the Stanford text is based on Jobs's memo received from Jobs.
My own Japanese translation of the legendary Steven Jobs's speech at Stanford University.
Browser version available at http://slides.com/haradats/deck#/
This translation and document were prepared as material for the lecture "Introduction to Presentations for Living a Better Life", given at Shibaura Institute of Technology on October 23, 2015.
The PDF file can be downloaded from the following location.
http://www11.plala.or.jp/tsh/stanford.pdf
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms.
This document discusses the advantages and disadvantages of label-based access control versus pathname-based access control. It notes that while label-based access control is robust against changes to pathnames and namespaces, the location and name of a file still have meaning in terms of how the system behaves and provides services. The document argues that restricting pathname changes is important for preventing unintended system behavior and maintaining system availability. It suggests that both label-based and pathname-based access controls are needed and that the LSM should support both.
TOMOYO Linux is an extension of the Linux kernel that adds process tracing capabilities. It automatically stores the "process invocation history" which shows how each process was created. This allows users to browse the entire process tree and see the relationships between running processes. The TOMOYO Linux policy editor provides a command line interface to view the stored process histories on a system and monitor actions caused by each process. TOMOYO Linux can help provide visibility into process activity and is maintained as an open source project with repositories of patched kernels and tools.
This document provides an introduction to securing Linux systems. It begins by explaining the types of exploits that can compromise Linux systems and gain root access. It then discusses how traditional Linux security methods like discretionary access controls (DAC) and firewalls are insufficient to prevent exploits. The document introduces mandatory access controls (MAC) as an enhancement that can restrict what programs are allowed to do even with root privileges. It emphasizes that MAC systems require security policies to define which accesses should be allowed or denied to provide protection while maintaining usability. The goal of secure Linux extensions is to grant necessary access according to policies while rejecting all other access attempts.
This document summarizes the key differences between SELinux and TOMOYO Linux access control systems. SELinux focuses on restricting programs based on security labels, while TOMOYO Linux focuses on restricting programs based on their process invocation history and parameters. The document argues that while label-based access control has limitations in guaranteeing information flow, TOMOYO Linux can help reinforce access control by restricting programs' actions and parameters within the kernel.
This document discusses the TOMOYO Linux access control system. It describes two versions of TOMOYO - version 1.6 which does not use Linux Security Modules (LSM) and version 2.2 which modifies TOMOYO to use LSM. The document then provides examples of how TOMOYO can provide access control based on file/directory names and parameters to address scenarios like restricting file uploads and executions. It argues that while label-based access control controls permissions, name-based controls like TOMOYO can address additional factors around how file contents are processed once in userspace.
The document proposes a method called "login authentication multiplexing" to strengthen login authentication security by enforcing multiple authentications rather than a single authentication. It involves placing extra authentication programs after the initial login that must be passed before accessing protected resources. This approach reduces vulnerabilities, allows flexible policies, and prevents damage until all authentications are passed. Practical issues like restricting shell access and remote access programs are also discussed.
The document discusses operating system security and introduces TOMOYO Linux as an access control mechanism for Linux that can restrict administrator privileges and limit the damage caused by stolen devices or exploited vulnerabilities. It explains that TOMOYO Linux tracks process executions to generate security policies and allows administrators to view process histories to define access control rules. The presentation also provides an overview of SELinux and concludes with an announcement of a demonstration of TOMOYO Linux's policy learning mode capabilities.
The document discusses porting TOMOYO Linux, a MAC implementation for Linux, to the Android platform. It describes patching the Android kernel with the TOMOYO patch, adapting the TOMOYO policy tools for embedded use, and integrating a TOMOYO policy loader into the Android boot process. Key challenges addressed include splitting security domains given Android's "fork vs exec" app launching approach and using TOMOYO's conditional ACLs to work with Android's existing DAC permissions. A demo is provided of remote management of Android policies using the TOMOYO tools.
Learning, Analyzing and Protecting Android with TOMOYO Linux (JLS2009) - Toshiharu Harada, Ph.D
TOMOYO Linux is a MAC (Mandatory Access Control) implementation which gives support to protect Linux systems as well as to learn, understand and analyze system behavior. Being lightweight, it is suitable for embedded systems too. This tutorial aims to show in a practical way how to make the best use of TOMOYO Linux's potential in order to study and protect embedded Linux systems, taking Android as a specific case study. Though Android is amazingly expanding its target to various kinds of devices, it was designed mainly for mobile phones. Then, unlike other embedded operating systems, it presents some peculiar characteristics which require particular attention to apply MAC effectively. The session is directed to those who want to learn how to use TOMOYO Linux, to managers or developers interested in security concerning embedded Linux and Android, and even to anyone just wishing to take a closer glance at Android internals.
Kernel Development: Drawing Lessons from "Mistakes" (Japan Linux Symposium 2009) - Toshiharu Harada, Ph.D
Every kernel developer knows that Linux comes with plenty of precious documentation as an integral part. From coding style to how to post patches, almost everything has been documented. However, history shows that error is human nature. Sometimes developers do not know the Don’ts well, but there are also cases when they make mistakes despite being aware of such rules. Why this happens is unsolved, but documentation, so far missing, of the consequences of this misbehavior could discourage it. The presenter is project manager of TOMOYO Linux, a security enhancement feature merged in version 2.6.30. Thinking open-mindedly, he decided to share the errors his project made, wishing it could be a helpful warning to other projects, especially newcomers. In this presentation, he will try to explain the circumstances of the mistakes in the TOMOYO Linux project, highlighting the thoughts of project members and the community reactions. No prior kernel development experience is necessary.
PacSec2007: TOMOYO Linux: A Practical Method to Understand and Protect Your O... - Toshiharu Harada, Ph.D
This document discusses TOMOYO Linux, a security enhancement for Linux that uses mandatory access control (MAC). It compares TOMOYO Linux to SELinux and AppArmor. Key points: TOMOYO Linux automatically defines security domains based on process invocation history (call chains), allowing it to distinguish identical programs run under different conditions. It also includes a policy editor to view process behavior and restrict access without pre-defining policies. This gives users control over security without needing expert knowledge usually required by other MAC systems.
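75. Reversed the viewpoint
Switched from "first define the domain, then associate permissions and resources with the domain" to "first define the resource, then associate permissions and domains with the resource".
Capability model / Access control list model
[Diagram: Capability model, "[…] can only […] on […]"; Access control list model, "[…] can be […] by […] only"]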
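76. RWXfilter policy syntax
"resource" "access control mode"
"action 1" by "domain 1 in which action 1 is permitted"
"action 2" by "domain 2 in which action 2 is permitted"
"action 3" by "domain 3 in which action 3 is permitted"
"resource" is written in TOMOYO pathname notation
"access control mode" is permissive or enforcing
"action X" is read, write or execute
"domain X in which action X is permitted" is written in TOMOYO domain name notation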
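90. How can we get the best of both approaches?
TOMOYO is built from the viewpoint of the **subject**, with the emphasis on strengthening functionality.
[Diagram: "[…] can only […] on […]"]
RWXfilter is built from the viewpoint of the **object**, with the emphasis on improving usability.
[Diagram: "[…] can be […] by […] only"]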
91. What if we use the action as the key?
Capability model + Access control list model
=> Action check list model
Check if […] is requested. Grant or deny the request if by […] and on […] are true.
Check if […] by […] is requested. Grant or deny the request if on […] is true.
Check if […] on […] is requested. Grant or deny the request if by […] is true.
Check if […] by […] and on […] is requested. Grant or deny the request.