Date: Wed, 2 Jun 2010 14:55:06 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 179094 for review Message-ID: <201006021455.o52Et6iF088271@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://p4web.freebsd.org/@@179094?ac=10 Change 179094 by rwatson@rwatson_fledge on 2010/06/02 14:54:54 Add Capsicum paper to the TrustedBSD web site as well as the main Computer Laboratory Capsicum site. Affected files ... .. //depot/projects/trustedbsd/www/2010usenix-security-capsicum-website.pdf#1 add .. //depot/projects/trustedbsd/www/Makefile#17 edit .. //depot/projects/trustedbsd/www/docs.bib#6 edit Differences ... ==== //depot/projects/trustedbsd/www/Makefile#17 (text+ko) ==== @@ -28,7 +28,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $P4: //depot/projects/trustedbsd/www/Makefile#16 $ +# $P4: //depot/projects/trustedbsd/www/Makefile#17 $ STYLESHEET= page.xsl @@ -85,6 +85,7 @@ DATA+= 20000809-trustedbsd-announcement.txt DATA+= robots.txt DATA+= 20060303-ukuug2006lisa-audit.pdf +DATA+= 2010usenix-security-capsicum-website.pdf GLOBAL_XML= sidebar.xml ==== //depot/projects/trustedbsd/www/docs.bib#6 (text+ko) ==== @@ -35,7 +35,7 @@ <cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0"> <cvs:keyword name="freebsd"> - $P4: //depot/projects/trustedbsd/www/docs.bib#5 $ + $P4: //depot/projects/trustedbsd/www/docs.bib#6 $ </cvs:keyword> </cvs:keywords> @@ -370,4 +370,44 @@ </entry> + <entry role="paper" date="20100811"> + <title>Capsicum: practical capabilities for UNIX</title> + + <author> + <name>Robert N. M. Watson</name> + <affil>University of Cambridge</affil> + </author> + + <author> + <name>Jonathan Anderson</name> + <affil>University of Cambridge</affil> + </author> + + <author> + <name>Ben Laurie</name> + <affil>Google UK Ltd.</affil> + </author> + + <author> + <name>Kris Kennaway</name> + <affil>Google UK Ltd.</affil> + </author> + + <download> + <file url="2010usenix-security-capsicum-website.pdf" format="PDF" /> + </download> + + <abstract>Capsicum is a lightweight operating system capability and + sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends, + rather than replaces, UNIX APIs, providing new kernel primitives + (sandboxed capability mode and capabilities) and a userspace sandbox + API. These tools support compartmentalisation of monolithic UNIX + applications into logical applications, an increasingly common goal + supported poorly by discretionary and mandatory access control. We + demonstrate our approach by adapting core FreeBSD utilities and + Google's Chromium web browser to use Capsicum primitives, and compare + the complexity and robustness of Capsicum with other sandboxing + techniques.</abstract> + </entry> + </bibliography>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201006021455.o52Et6iF088271>