PERFORCE change 179094 for review
Robert Watson
rwatson at FreeBSD.org
Wed Jun 2 14:55:07 UTC 2010
http://p4web.freebsd.org/@@179094?ac=10
Change 179094 by rwatson at rwatson_fledge on 2010/06/02 14:54:54
Add Capsicum paper to the TrustedBSD web site as well as the main
Computer Laboratory Capsicum site.
Affected files ...
.. //depot/projects/trustedbsd/www/2010usenix-security-capsicum-website.pdf#1 add
.. //depot/projects/trustedbsd/www/Makefile#17 edit
.. //depot/projects/trustedbsd/www/docs.bib#6 edit
Differences ...
==== //depot/projects/trustedbsd/www/Makefile#17 (text+ko) ====
@@ -28,7 +28,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $P4: //depot/projects/trustedbsd/www/Makefile#16 $
+# $P4: //depot/projects/trustedbsd/www/Makefile#17 $
STYLESHEET= page.xsl
@@ -85,6 +85,7 @@
DATA+= 20000809-trustedbsd-announcement.txt
DATA+= robots.txt
DATA+= 20060303-ukuug2006lisa-audit.pdf
+DATA+= 2010usenix-security-capsicum-website.pdf
GLOBAL_XML= sidebar.xml
==== //depot/projects/trustedbsd/www/docs.bib#6 (text+ko) ====
@@ -35,7 +35,7 @@
<cvs:keywords xmlns:cvs="http://www.FreeBSD.org/XML/CVS" version="1.0">
<cvs:keyword name="freebsd">
- $P4: //depot/projects/trustedbsd/www/docs.bib#5 $
+ $P4: //depot/projects/trustedbsd/www/docs.bib#6 $
</cvs:keyword>
</cvs:keywords>
@@ -370,4 +370,44 @@
</entry>
+ <entry role="paper" date="20100811">
+ <title>Capsicum: practical capabilities for UNIX</title>
+
+ <author>
+ <name>Robert N. M. Watson</name>
+ <affil>University of Cambridge</affil>
+ </author>
+
+ <author>
+ <name>Jonathan Anderson</name>
+ <affil>University of Cambridge</affil>
+ </author>
+
+ <author>
+ <name>Ben Laurie</name>
+ <affil>Google UK Ltd.</affil>
+ </author>
+
+ <author>
+ <name>Kris Kennaway</name>
+ <affil>Google UK Ltd.</affil>
+ </author>
+
+ <download>
+ <file url="2010usenix-security-capsicum-website.pdf" format="PDF" />
+ </download>
+
+ <abstract>Capsicum is a lightweight operating system capability and
+ sandbox framework planned for inclusion in FreeBSD 9. Capsicum extends,
+ rather than replaces, UNIX APIs, providing new kernel primitives
+ (sandboxed capability mode and capabilities) and a userspace sandbox
+ API. These tools support compartmentalisation of monolithic UNIX
+ applications into logical applications, an increasingly common goal
+ supported poorly by discretionary and mandatory access control. We
+ demonstrate our approach by adapting core FreeBSD utilities and
+ Google's Chromium web browser to use Capsicum primitives, and compare
+ the complexity and robustness of Capsicum with other sandboxing
+ techniques.</abstract>
+ </entry>
+
</bibliography>
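Review bot: the new `<entry role="paper" date="20100811">` names no venue in any of its elements; the only trace of where the paper appears is the `2010usenix-security-` prefix of the file name in `<file url="2010usenix-security-capsicum-website.pdf" format="PDF" />`. If the docs.bib format has an element for the conference or publication, add it to this entry so the rendered bibliography states the venue rather than leaving readers to infer it from the URL. The `date` attribute is also roughly two months later than the change date (2010/06/02), so confirm it is intended as the publication date and that the stylesheet does not treat a future-dated entry as already published. The relative `url` depends on the matching `DATA+=` line in the Makefile hunk; the two names agree as written and need to be kept in step if the PDF is ever renamed.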