The Principle of Least Privilege says that software shouldn't be executed with more authority than it needs to get its job done. Unfortunately, following this principle is hard; most operating systems are configured so that the scripts and programs you run can do anything you can.
Shill is a shell scripting language designed to make it easy to follow the Principle of Least Privilege. Shill uses capabilities to control what access scripts have to your system. Every Shill script comes with a contract that describes what it can do, so users can run third-party scripts with confidence. Using capability-based sandboxes, Shill's security guarantees extend even to native executables launched by scripts.
Installation instructions are in the manual, and the Shill source distribution includes a number of example scripts.
Shill: A Secure Shell Scripting Language. Scott Moore, Christos Dimoulas, Dan King, and Stephen Chong. 11th USENIX Symposium on Operating Systems Design and Implementation (OSDI), October 2014. [BibTeX] [Video]
Coverage in ComputerWorld.
This research is supported by the Air Force Research Laboratory.