Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support compartmentalisation of monolithic UNIX applications into logical applications, an increasingly common goal supported poorly by discretionary and mandatory access control. We demonstrate our approach by adapting core FreeBSD utilities and Google's Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.