Concepedia

Publication | Closed Access

Capsicum: practical capabilities for UNIX

137

Citations

17

References

2010

Year

Robert N. M. Watson, Jonathan Anderson, Ben Laurie, Kris Kennaway

Unknown Venue

Abstract

Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support the compartmentalization of monolithic UNIX applications into logical applications. We demonstrate our approach by adapting core FreeBSD utilities and Google’s Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques. 1

References

YearCitations

Page 1