(en.wikipedia.org) Capability-based security - Wikipedia

ROAM_REFS: https://en.wikipedia.org/wiki/Capability-based_security

Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure. Capability-based security is to be contrasted with an approach that uses traditional UNIX permissions and access control lists.

Although most operating systems implement a facility which resembles capabilities, they typically do not provide enough support to allow for the exchange of capabilities among possibly mutually untrusting entities to be the primary means of granting and distributing access rights throughout the system. A capability-based system, in contrast, is designed with that goal in mind.

Local Graph

org-roam 1393965b-f472-466a-984f-c1c799684ce7 (en.wikipedia.org) Capability-based s... //en.wikipedia.org/wiki/Computer_security https://en.wikipedia.org/wiki/Computer_security 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Computer_security //en.wikipedia.org/wiki/Computer_security_model https://en.wikipedia.org/wiki/Computer_security_model 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Computer_security_model //en.wikipedia.org/wiki/Access_token https://en.wikipedia.org/wiki/Access_token 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Access_token //en.wikipedia.org/wiki/Reference_(computer_science) https://en.wikipedia.org/wiki/Reference_(computer_science) 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Reference_(computer_science) //en.wikipedia.org/wiki/Object_(computer_science) https://en.wikipedia.org/wiki/Object_(computer_science) 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Object_(computer_science) //en.wikipedia.org/wiki/Access_control https://en.wikipedia.org/wiki/Access_control 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Access_control //en.wikipedia.org/wiki/User_(computing) https://en.wikipedia.org/wiki/User_(computing) 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/User_(computing) //en.wikipedia.org/wiki/Computer_program https://en.wikipedia.org/wiki/Computer_program 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Computer_program //en.wikipedia.org/wiki/Capability-based_operating_system https://en.wikipedia.org/wiki/Capability-based_operating_system 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Capability-based_operating_system //en.wikipedia.org/wiki/Principle_of_least_privilege https://en.wikipedia.org/wiki/Principle_of_least_privilege 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Principle_of_least_privilege //en.wikipedia.org/wiki/File-system_permissions https://en.wikipedia.org/wiki/File-system_permissions 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/File-system_permissions //en.wikipedia.org/wiki/Access-control_list https://en.wikipedia.org/wiki/Access-control_list 1393965b-f472-466a-984f-c1c799684ce7->//en.wikipedia.org/wiki/Access-control_list