Capsicum: practical capabilities for UNIX
Capsicum - Publications, talks, and documentation
Capsicum is an experimental and rapidly evolving system, so documentation on how to use and develop it continues to be a work in progress. Here you can find some of our papers/articles, talks, blog posts, tech news articles, and formal programmer documentation.
Papers, articles, and technical reports
- Khilan Gudka, Robert N.M. Watson, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Ilias Marinos, Peter G. Neumann, and Alex Richardson. Clean Application Compartmentalization with SOAAP, Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, CO, USA, October 2015.
- William R. Harris (University of Wisconsin, Madison), Somesh Jha (University of Wisconsin, Madison), Thomas Reps (University of Wisconsin, Madison), Jonathan Anderson (University of Cambridge), and Robert N. M. Watson (University of Cambridge). Declarative, Temporal, and Practical Programming with Capabilities. IEEE Symposium on Security and Privacy ("Oakland"), May, 2013.
- Robert N. M. Watson, Steven J. Murdoch, Khilan Gudka, Jonathan Anderson, Peter G. Neumann, and Ben Laurie. Towards a theory of application compartmentalisation. Security Protocols Workshop, March, 2013.
- Khilan Gudka, Robert N. M. Watson, Steven Hand, Ben Laurie, and Anil Madhavapeddy. Exploring compartmentalisation hypotheses with SOAAP. Workshop paper, Adaptive Host and Network Security (AHANS 2012), September, 2012.
- Watson, R. N. M. New approaches to operating system security extensibility. Technical report UCAM-CL-TR-818, University of Cambridge, Computer Laboratory, April, 2012.
- Watson, R. N. M., Anderson, J., Laurie, B., and Kennaway, K. A Taste of Capsicum: Practical Capabilities for UNIX. Communications of the ACM, Volume 55, Issue 3, March, 2012.
- Gribble, Steven D. Technical Perspective: The Benefits of Capability-Based Protection. Communications of the ACM, Volume 55, Issue 3, March 2012.
- Harris, W. R., Farley, B., Jha, S., and Reps, T. Secure Programming as a Parity Game. Technical report #1694, University of Wisconsin Madison, Computer Sciences Department, July, 2011.
- Watson, R. N. M., Anderson, J., Laurie, B., and Kennaway, K. Introducing Capsicum: practical capabilities for UNIX. In ;login: Magazine, December 2010, Volume 35, Number 6.
- Farley, B. Analyzing Capsicum for Usability and Performance. University of Wisconsin web publication, December 2010.
- Watson, R. N. M., Anderson, J., Laurie, B., and Kennaway, K. Capsicum: practical capabilities for UNIX. In Proceedings of the 19th USENIX Security Symposium, Washington, DC, August 2010. (Best Student Paper, Most Notable Publication 2011 - Cambridge Ring)
Talks
- Watson, R. N. M., Anderson, J. Capsicum working group. Presented at the FreeBSD Developer Summit, BSDCan 2012, Ottawa, Canada, May, 2012.
- Watson, R. N. M., Anderson, J. Capsicum working group summary. Presented at the FreeBSD Developer Summit, EuroBSDCon 2011, Maarssen, the Netherlands, October, 2011.
- Watson, R. N. M. and Anderson, J. Connecting the Dot Dots: Model Checking Concurrency in Capsicum. Presented at 4th International Workshop on Analysis of Security APIs, Edinburgh, Scotland, July 2010.
- Watson, R. N. M., Anderson, J., Laurie, B., and Kennaway, K. Capsicum: practical capabilities for UNIX. Presented at 19th USENIX Security Symposium, Washington, DC, August, 2010. Recording available on YouTube.
Blog posts
- Watson, R. N. M. 2013 Capsicum year in review. Light Blue Touchpaper, 20 December, 2013. Robert Watson reviews Capsicum events from 2013: work funded by the FreeBSD Foundation and Google on FreeBSD 10.0, Casper in FreeBSD 11, David Drysdale's port of Capsicum to Linux at Google, Summer of Code students, joint work with the University of Wisconsin on Capsicum, and future funded Capsicum work.
- Maste, E. FreeBSD Foundation announces Capsicum integration project completion. FreeBSD Foundation Blog, 17 December, 2013. Ed Maste, FreeBSD Foundation technical project director, describes the recently completed Capsicum integration effort, as well as the Casper daemon.
- Laurie, B. Open Source Security. Google Open Source Program Office Blog, 12 September, 2013. Ben Laurie describes some of the open-source security projects supported by Google developers and open-source programs office funding, including Capsicum.
- Goodkin, D. New Funded Project: Capsicum Improvements. FreeBSD Foundation Blog, 18 June, 2012. Deb Goodkin announces new Capsicum development jointly funded by the FreeBSD Foundation and Google. Pawel Jakub Dawidek will develop a new libcapsicum and further Capsicum-based applications.
- Laurie, B. Using Capsicum For Sandboxing. Links, 28 April, 2012. Ben Laurie explores Capsicumising bzip2, and more generally, the process of application compartmentalisation.
- Watson, R. N. M. Three-paper Thursday: capability systems. Light Blue Touch Paper, 23 February, 2012. Three papers on capability systems that influenced our thinking for Capsicum and CHERI.
- Watson, R. N. M. FreeBSD 9.0 ships with experimental Capsicum support. Light Blue Touch Paper, 30 January, 2012. Capsicum is highlighted in the FreeBSD 9.0 release announcement and FreeBSD Foundation press release.
- Laurie, B. Capsicum Wins Cambridge Ring Award. Links, 9 March, 2011. Ben Laurie announces that Capsicum has won the Cambridge Ring best publication award for 2010.
- Seaborn, M. An introduction to FreeBSD-Capsicum. Lacking Rhoticity, 4 November, 2010. Mark Seaborn introduces Capsicum's high-level feature set, and considers how it might provide a better platform for his work on PLASH.
- Seaborn, M. Process descriptors in FreeBSD-Capsicum. Lacking Rhoticity, 23 October, 2010. Mark Seaborn talks about process descriptors as a replacement for PIDs in UNIX and Linux.
- Laurie, B. FreeBSD Capsicum. Links, 14 August, 2010. Ben Laurie discusses our Capsicum work.
- Watson, R. N. M. Capsicum: practical capabilities for UNIX. Light Blue Touch Paper, 12 August, 2010. Capsicum is presented at the 19th USENIX Security Symposium, winning Best Student Paper award.
- Laurie, B. Capability Operating Systems. Links, 27 March, 2010. Ben Laurie puts our on-going work on Capsicum into context with a review of recent and historic capability system designs.
Tech news articles
- Google Ports Capsicum to Linux, and Other End-of-Year Capsicum News. Slashdot, 8 January, 2014.
- Cambridge's Capsicum Framework Promises Efficient Security for UNIX/ChromeOS. Slashdot, 25 February, 2012.
- Edge, J. Capsicum: practical capabilities for UNIX. LWN.net, 22 February, 2012.
- Cawrey, D. Capsicum Offers Better Chrome Security, More Robust Development. thechromesource, 16 August, 2010.
- New Sandbox Framework for Chromium Released. Slashdot, 13 August, 2010.
Documentation
- capsicum(4) - Capsicum man page from FreeBSD 9.1
- cap_enter(2) - Capability mode system calls
- cap_new(2) - Capability management system calls
- pdfork(2) - Process descriptor management system calls