Capsicum: practical capabilities for UNIX

Capsicum - Related

The Computer Science Laboratory (CSL) at SRI International and the University of Cambridge Computer Laboratory have teamed on a successor project to Capsicum, CTSRD, looking at modifications to contemporary CPU designs in order to better support application compartmentalisation. The CHERI processor implements a hybrid capability structurally similar to Capsicum, only at an instruction set level.

A variety of research, commercial, and open source projects have explored the area of capability systems in the past. Here are a few of the notable ones we have referenced in our work:

• The Mach Operating System Project
• EROS: The Extremely Reliable Operating System
• The CAP Computer - also developed at Cambridge!
• Plash sandboxing system
• The Java Security Architecture
• The DARPA Browser
• The E Language
• Joe-E: capability-secure subset of Java
• Combex DarpaBrowser