Capsicum: Practical capabilities for UNIX

Proceedings of the 19th USENIX Security Symposium

Volumn , Issue , 2010, Pages 29-45

  Watson, Robert N M ^a   Anderson, Jonathan ^a   Laurie, Ben ^b   Kennaway, Kris ^b  

^a UNIVERSITY OF CAMBRIDGE   (United Kingdom)

^b GOOGLE   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

ACCESS CONTROL;

FREEBSD; MANDATORY ACCESS CONTROL; SANDBOXING TECHNIQUES; SYSTEM CAPABILITIES;

UNIX;

EID: 85067179564     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (28)

1. The Chromium Project: Design Documents: OS X Sandboxing Design. http://dev.chromium.org/developers/design- documents/sandbox/ osx- sandboxing- design.
2. ACETTA, M. J., BARON, R., BOLOWSKY, W., GOLUB, D., RASHID, R., TEVANIAN, A., AND YOUNG, M. Mach: a new kernel foundation for unix development. In Proceedings of the USENIX 1986 Summer Conference (July 1986), pp. 93–112.
3. BELL, D. E., AND LAPADULA, L. J. Secure computer systems: Mathematical foundations. Tech. Rep. 2547, MITRE Corp., March 1973.
4. BIBA, K. J. Integrity considerations for secure computer systems. Tech. rep., MITRE Corp., April 1977.
5. BITTAU, A., MARCHENKO, P., HANDLEY, M., AND KARP, B. Wedge: Splitting Applications into Reduced-Privilege Compartments. In Proceedings of the 5th USENIX Symposium on Networked Systems Design and Implementation (2008), pp. 309–322.
6. BRANSTAD, M., AND LANDAUER, J. Assurance for the Trusted Mach operating system. Computer Assurance, 1989. COMPASS ’89,’Systems Integrity, Software Safety and Process Security’, Proceedings of the Fourth Annual Conference on (1989), 103–108.
7. GARFINKEL, T., PFA, B., AND ROSENBLUM, M. Ostia: A delegating architecture for secure system call interposition. In Proc. Internet Society 2003 (2003).
8. GONG, L., MUELLER, M., PRAFULLCHANDRA, H., AND SCHEMERS, R. Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2. In Proceedings of the USENIX Symposium on Internet Technologies and Systems.
9. HARDY, N. KeyKOS architecture. SIGOPS Operating Systems Review 19, 4 (Oct 1985).
10. KILPATRICK, D. Privman: A Library for Partitioning Applications. In Proceedings of USENIX Annual Technical Conference (2003), pp. 273–284.
11. LIEDTKE, J. On microkernel construction. In Proceedings of the 15th ACM Symposium on Operating System Principles (SOSP-15) (Copper Mountain Resort, CO, Dec. 1995).
12. LOSCOCCO, P., AND SMALLEY, S. Integrating flexible support for security policies into the Linux operating system. Proceedings of the FREENIX Track: 2001 USENIX Annual Technical Conference table of contents (2001), 29–42.
13. MILLER, M. S. The e language. http://www.erights.org/.
14. MILLER, M. S., SAMUEL, M., LAURIE, B., AWAD, I., AND STAY, M. Caja: Safe active content in sanitized javascript, May 2008. http://google-caja.googlecode.com/files/caja-spec-2008-06-07.pdf.
15. MURRAY, D. G., AND HAND, S. Privilege Separation Made Easy. In Proceedings of the ACM SIGOPS European Workshop on System Security (EUROSEC) (2008), pp. 40–46.
16. NEUMANN, P. G., BOYER, R. S., GEIERTAG, R. J., LEVITT, K. N., AND ROBINSON, L. A provably secure operating system: The system, its applications, and proofs, second edition. Tech. Rep. Report CSL-116, Computer Science Laboratory, SRI International, May 1980.
17. PROVOS, N., FRIEDL, M., AND HONEYMAN, P. Preventing Privilege Escalation. In Proceedings of the 12th USENIX Security Symposium (2003).
18. REIS, C., AND GRIBBLE, S. D. Isolating web programs in modern browser architectures. In EuroSys’09: Proceedings of the 4th ACM European conference on Computer systems (New York, NY, USA, 2009), ACM, pp. 219–232.
19. SALTZER, J. H., AND SCHROEDER, M. D. The protection of information in computer systems. In Communications of the ACM (July 1974), vol. 17.
20. SAMI SAYDJARI, O. Lock: an historical perspective. In Proceeedings of the 18th Annual Computer Security Applications Conference (2002), IEEE Computer Society.
21. SEABORN, M. Plash: tools for practical least privilege, 2010. http://plash.beasts.org/.
22. SEBES, E. J. Overview of the architecture of Distributed Trusted Mach. Proceedings of the USENIX Mach Symposium: November (1991), 20–22.
23. SHAPIRO, J., SMITH, J., AND FARBER, D. EROS: a fast capability system. SOSP’99: Proceedings of the seventeenth ACM symposium on Operating systems principles (Dec 1999).
24. SPENCER, R., SMALLEY, S., LOSCOCCO, P., HIBLER, M., ANDERSON, D., AND LEPREAU, J. The Flask Security Architecture: System Support for Diverse Security Policies. In Proc. 8th USENIX Security Symposium (August 1999).
25. VANCE, C., AND WATSON, R. Security Enhanced BSD. Network Associates Laboratories (2003).
26. WAGNER, D., AND TRIBBLE, D. A security analysis of the combex darpabrowser architecture, March 2002. http://www.combex.com/papers/darpa- review/ security- review.pdf.
27. WATSON, R., FELDMAN, B., MIGUS, A., AND VANCE, C. Design and Implementation of the TrustedBSD MAC Framework. In Proc. Third DARPA Information Survivability Conference and Exhibition (DISCEX), IEEE (April 2003).
28. WILKES, M. V., AND NEEDHAM, R. M. The Cambridge CAP computer and its operating system (Operating and programming systems series). Elsevier North-Holland, Inc., Amsterdam, The Netherlands, 1979.