Access Restriction

Author Laurie, Ben ♦ Kennaway, Kris ♦ Watson, Robert N. M. ♦ Anderson, Jonathan
Source ACM Digital Library
Content type Text
Publisher Association for Computing Machinery (ACM)
File Format PDF
Language English
Abstract Capsicum is a lightweight operating system (OS) capability and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API. These tools support decomposition of monolithic UNIX applications into compartmentalized logical applications, an increasingly common goal that is supported poorly by existing OS access control primitives. We demonstrate our approach by adapting core FreeBSD utilities and Google's Chromium Web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.
Description Affiliation: Google UK Ltd., London, U.K. (Laurie, Ben; Kennaway, Kris) || University of Cambridge, Cambridge, U.K. (Watson, Robert N. M.; Anderson, Jonathan)
Age Range 18 to 22 years ♦ above 22 years
Educational Use Research
Education Level UG and PG
Learning Resource Type Article
Publisher Date 2005-08-01
Publisher Place New York
Journal Communications of the ACM (CACM)
Volume Number 55
Issue Number 3
Page Count 8
Starting Page 97
Ending Page 104
