Google Research

Capsicum: practical capabilities for UNIX

  • Robert N. M. Watson
  • Jonathan Anderson
  • Ben Laurie
  • Kris Kennaway
Proceedings of the 19th USENIX Security Symposium (2010)

Abstract

Capsicum is a lightweight operating system capabil- ity and sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, rather than replaces, UNIX APIs, providing new kernel primitives (sandboxed capability mode and capabilities) and a userspace sand- box API. These tools support compartmentalisation of monolithic UNIX applications into logical applications, an increasingly common goal supported poorly by dis- cretionary and mandatory access control. We demon- strate our approach by adapting core FreeBSD utilities and Google’s Chromium web browser to use Capsicum primitives, and compare the complexity and robustness of Capsicum with other sandboxing techniques.

Research Areas

Learn more about how we do research

We maintain a portfolio of research projects, providing individuals and teams the freedom to emphasize specific types of work