University of Cambridge > Talks.cam > Computer Laboratory Security Group meeting presentations > Capsicum: Practical capabilities for UNIX

Capsicum: Practical capabilities for UNIX

Add to your list(s) Download to your calendar using vCal

If you have a question about this talk, please contact Jonathan Anderson.

Capsicum is a lightweight operating system capability and sandbox framework planned for inclusion in FreeBSD 9.

Capsicum extends, rather than replaces, UNIX AP Is, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sandbox API . These tools support the compartmentalization of monolithic UNIX applications into logical applications.

We demonstrate our approach by adapting core FreeBSD utilities and Google’s Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.

This talk is part of the Computer Laboratory Security Group meeting presentations series.

Tell a friend about this talk:

This talk is included in these lists:

Note that ex-directory lists are not shown.

 

© 2006-2014 Talks.cam, University of Cambridge. Contact Us | Help and Documentation | Privacy and Publicity