
Introducing Capsicum: Practical Capabilities for UNIX - ez77
http://www.usenix.org/publications/login/2010-12/openpdfs/watson.pdf
======
azm
If you don't want a PDF or scribd, clicky to Cambridge project page:
<http://www.cl.cam.ac.uk/research/security/capsicum/>

~~~
cannedprimates
In particular, the Usenix talk about Capsicum has been recorded:
<http://www.youtube.com/watch?v=raNx9L4VH2k>

------
sophacles
Somewhat related -- I have always thought it would be cool to build a
capability system like this into a language with a strong H-M type system. I
think it would be an interesting study to have the bare minimum privileges
passed via type dependences. Done well, this would have any given bit of code
only have the bare minimum to do its job.

Also: some types of automatic security checks at compile time too!

~~~
cannedprimates
Have you seen <http://lambda-the-ultimate.org/node/1635> (Lightweight static
capabilities)? Author's page:
<http://okmij.org/ftp/Computation/lightweight-dependent-typing.html>

~~~
sophacles
I had not seen that, thanks for the pointer!

------
btilly
A note for those who thought that Unix has had capabilities forever. POSIX
defines something called capabilities that are very, very different from a
true capability system. This is a true capability system.

