Capsicum: practical capabilities for UNIX

Capsicum - People

Robert Watson created the Capsicum project, designing and implementing the kernel capability and capability mode frameworks, as well as libcapsicum.

Jonathan Anderson upstramed the Capsicum prototype to FreeBSD, and has worked on kernel parts, the dynamic run-time linker, a capability services provider, and a capability-oriented shell. He hopes to do more once he's submitted his PhD.

Ben Laurie is the Google liaison to the Capsicum project, and did much of the work to create a FreeBSD Chromium port to allow sandboxing experimentation on a real, large-scale application.

Khilan Gudka is exploring techniques for automating the process of software compartmentalisation for privilege separation in C programs. He is particularly interested in static and dynamic analysis to achieve this.