Capsicum is a security framework that allows process isolation and sandboxing based on the principles of capability-based security. This talk will give a brief introduction to Capsicum and capabilities, with some comparisons to the security mechanisms available for Linux containers (namespaces, cgroups and seccomp-bpf).
Aim to cover:
- Privilege separation is the most effective way of securing software against future (classes of) bugs.
- Capabilities allow the "privileges" to be precisely specified.
- Capsicum blends capabilities with traditional POSIX semantics, in a pragmatic way.
- Comparison with (Linux) kernel mechanisms for container isolation (e.g. namespaces, seccomp-bpf, cgroups).
- Current Capsicum status on FreeBSD and Linux.
- Potential future Capsicum work.
Speakers: David Drysdale