Capsicum is a security framework that allows process isolation and sandboxing based on the principles of capability-based security. This talk will give a brief introduction to Capsicum and capabilities, with some comparisons to the security mechanisms available for Linux containers (namespaces, cgroups and seccomp-bpf).
The talk aims to cover:
- Privilege separation is the most effective way of securing software against future (classes of) bugs.
- Capabilities allow the "privileges" to be precisely specified.
- Capsicum blends capabilities with traditional POSIX semantics, in a pragmatic way.
- Comparison with (Linux) kernel mechanisms for container isolation (e.g. namespaces, seccomp-bpf, cgroups).
- Current Capsicum status on FreeBSD and Linux.
- Potential future Capsicum work.