Tag Archives: FreeBSD 9 Capsicum

Capsicum Offers Better Chrome Security, More Robust Development

Posted on 16. Aug, 2010 by . 0 Comments

flattr this!

At the USENIX security conference held in Washington, DC last week, a group of researchers presented a new sandbox framework for lightweight operating systems called Capsicum. Developed by the University of Cambridge with a grant from Google, Capsicum will help to better protect Unix-derived systems as well as Chrome browser and Chrome OS.

Essentially, what this provides is a better framework for developers because they don’t have to spend so much time with security delegation in their own web applications.

“In order to protect user data from malicious JavaScript, Flash, etc., the Chromium web browser is decomposed into several OS processes. Some of these processes handle content from untrusted sources, but their access to user data is restricted using DAC or MAC mechanism (the process is sandboxed). These mechanisms vary by platform, but all require a significant amount of programmer effort. Our analysis shows significant vulnerabilities in all of these sandbox models due to inherent flaws or incorrect use”, they write in their paper.

“Privilege separation is a pattern that has been adopted for applications such as OpenSSH, Apple’s SecurityServer, and, more recently, Google’s Chromium web browser. Compartmentalisation is enforced using various access control techniques, but only with significant programmer effort.”

“Capsicum addresses these problems by introducing new (and complementary) security primitives to support compartmentalisation: capability mode and capabilities”.


The UNIX-compliant FreeBSD 9 will integrate Capsicum when it is released. Capsicum features are even expected to hit the Chromium browser at some point for testing; at USENIX the researchers showed off a version of Chromium with the framework installed.

Seeing that the research was supported by Google and will be included into operating systems, it’s safe to say that Capsicum will also be a part of Chrome, further reducing the amount of coding developers have to do in order to allow webapps to be secure. Instead, Chrome will be able to handle all of the different requests that come to it via the web, and act accordingly.

The complete Capsicum paper is located here. Cambridge also has a site devoted to the topic.