Capability

ACL vs Capability

  • Access control list (ACL): attributes on objects, stating which subjects have which permissions; e.g. the file permission attribute bits on Linux.
  • Capability: attributes on subjects, stating what permissions the subject has over certain objects; each capability has the form of ; a subject can hold a list of capabilities.

Confused Deputy

References: N. Hardy, “The confused deputy (or why capabilities might have been invented),” ACM SIGOPS Operating Systems Review, vol. 22, no. 4, pp. 36–38, 1988.

Overview: a story set in a system much like AT&T Unix.
  • RUN (SYSX)FORT invokes the compiler FORT.
  • (SYSX)A_FILE is a file chosen by the invoker, to which the compiler writes its debug information.
  • (SYSX)STAT is the file to which the compiler writes its statistics; this filename is hardcoded in the compiler.
In order to access the STAT file, the compiler is given a home files license, i.e. permission to write files in its home directory (SYSX), so that it can write (SYSX)STAT.
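As an added example (not code from the page or from Hardy's paper), here is a toy Python model of the story above: an ACL version, where FORT writes with its own home files license and can be confused into overwriting STAT when the invoker names (SYSX)STAT as the debug file, beside a capability version where the invoker can only hand over a handle it actually holds. The subject names, the (USER) directory and the licence mechanics are constructed for illustration.

```python
# Added example, not from the page: toy model of Hardy's confused-deputy story,
# ACL-style ambient authority beside a capability version (all names constructed).
class AclSystem:
    """ACL: rights live on the object (a directory prefix), checked per subject."""
    def __init__(self):
        self.files, self.acl = {}, {}  # path -> data; directory -> {subject: rights}
    def grant(self, directory, subject, rights):
        self.acl.setdefault(directory, {})[subject] = set(rights)
    def write(self, subject, path, data):
        directory = path[: path.index(")") + 1]  # "(SYSX)STAT" -> "(SYSX)"
        if "w" not in self.acl.get(directory, {}).get(subject, set()):
            raise PermissionError(f"{subject} may not write {path}")
        self.files[path] = data

def fort_with_acl(system, debug_path):
    """FORT runs as SYSX with the home files license (write on (SYSX)) and uses that
    ambient authority for the hard-coded STAT file and the caller-chosen debug file alike."""
    system.write("SYSX", "(SYSX)STAT", "statistics")
    system.write("SYSX", debug_path, "debug output")

class Capability:
    """Capability: the right is held by the subject as an unforgeable handle to one object."""
    def __init__(self, store, path):
        self._store, self.path = store, path
    def write(self, data):
        self._store[self.path] = data

def fort_with_caps(stat_cap, debug_cap):
    """Same compiler; STAT goes through its own capability, debug output through the invoker's."""
    stat_cap.write("statistics")
    debug_cap.write("debug output")

def denied(system, subject, path):
    """True if the ACL model refuses a direct write by subject to path."""
    try:
        system.write(subject, path, "x")
        return False
    except PermissionError:
        return True

def demo():
    acl = AclSystem()
    acl.grant("(SYSX)", "SYSX", "w")  # the compiler's home files license
    acl.grant("(USER)", "user", "w")  # the invoker may only write its own directory
    fort_with_acl(acl, "(SYSX)STAT")  # invoker names STAT as its debug file
    clobbered = acl.files["(SYSX)STAT"] == "debug output"  # True: the deputy was confused
    store = {}  # capability world: the invoker can only hand over a capability it holds
    fort_with_caps(Capability(store, "(SYSX)STAT"), Capability(store, "(USER)A_FILE"))
    return clobbered, store["(SYSX)STAT"] == "statistics"  # (True, True)
```

The invoker could never write (SYSX)STAT directly under the ACL (the `denied` helper shows that), yet gets it overwritten by going through the deputy; in the capability version there is simply no handle to (SYSX)STAT for the invoker to pass.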


Created May 16, 2020 // Last Updated May 18, 2021
