A taste of Capsicum: practical capabilities for UNIX

Authors:
Robert N. M. Watson;Jonathan Anderson;Ben Laurie;Kris Kennaway
Affiliations:
University of Cambridge, Cambridge, U.K.;University of Cambridge, Cambridge, U.K.;Google UK Ltd., London, U.K.;Google UK Ltd., London, U.K.
Venue:
Communications of the ACM
Year:
2012

Citing 12
Cited 0

On micro-kernel construction

SOSP '95 Proceedings of the fifteenth ACM symposium on Operating systems principles
EROS: a fast capability system

Proceedings of the seventeenth ACM symposium on Operating systems principles
Integrating Flexible Support for Security Policies into the Linux Operating System

Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference
LOCK: An Historical Perspective

ACSAC '02 Proceedings of the 18th Annual Computer Security Applications Conference
Protection in the Hydra Operating System

SOSP '75 Proceedings of the fifth ACM symposium on Operating systems principles
KeyKOS architecture

ACM SIGOPS Operating Systems Review
The Cambridge CAP computer and its operating system (Operating and programming systems series)

The Cambridge CAP computer and its operating system (Operating and programming systems series)
Preventing privilege escalation

SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
Privilege separation made easy: trusting small libraries not big processes

Proceedings of the 1st European Workshop on System Security
Wedge: splitting applications into reduced-privilege compartments

NSDI'08 Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation
Isolating web programs in modern browser architectures

Proceedings of the 4th ACM European conference on Computer systems
Capsicum: practical capabilities for UNIX

USENIX Security'10 Proceedings of the 19th USENIX conference on Security

Quantified Score

Hi-index	48.22

Visualization

Abstract

Capsicum is a lightweight operating system (OS) capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support decomposition of monolithic UNIX applications into compartmentalized logical applications, an increasingly common goal that is supported poorly by existing OS access control primitives. We demonstrate our approach by adapting core FreeBSD utilities and Google's Chromium Web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.