Analyzing Capsicum for Security and Performance

Benjamin Farley

Abstract: In this project I investigate Capsicum, an extension to UNIX that introduces a new security model on top of existing UNIX architecture. This model consists of several new security primitives and system calls that replace existing UNIX functionality. I focus on two aspects of Capsicum: performance and usability. For performance, I compare the performance of Capsicum system calls to corresponding UNIX calls and analyze these differences. I also implement a small file-hosting server that makes use of Capsicum's sandboxing library, in order to determine the feasibility of writing new applications using Capsicum and modifying existing applications to use Capsicum.

Available as: PDF

Some of my raw data can be found here.

Powerpoint slides can be found here.