Sciweavers

USS
2010

Capsicum: Practical Capabilities for UNIX

13 years 10 months ago
Capsicum: Practical Capabilities for UNIX
Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support compartmentalisation of monolithic UNIX applications into logical applications, an increasingly common goal supported poorly by discretionary and mandatory access control. We demonstrate our approach by adapting core FreeBSD utilities and Google's Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.
Robert N. M. Watson, Jonathan Anderson, Ben Laurie
Added 15 Feb 2011
Updated 15 Feb 2011
Type Journal
Year 2010
Where USS
Authors Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway
Comments (0)