capability security links
Thu, 3 Aug 2000 15:00:38 -0500 (CDT)
Norman Hardy's home page is a good place to start; he also has various
links to very deep CS research.
Capability stuff is at
The Confused Deputy stuff is at
He links to a rant of mine which I think is probably a little half-baked.
What I have termed "strong capability systems" --- in which the capability
is a little piece of magic, not just a string of text --- are able to
provide interesting isolation properties within a closed system, and
generally form a very simple and flexible substrate on which one can build
any desired security policy, including things like role-based and
mandatory access controls, confinement and covert-channel control,
object immutability, and read-only access.
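The substrate idea above, illustrated with an added example that is not from this post, from KeyKOS, or from EROS: a small Python sketch of object capabilities, where a capability is an object reference rather than a string, and where read-only access and revocation are built on top of plain references by attenuation (handing out a facet that exposes less) and forwarding (handing out a proxy that can be cut). The names `Counter`, `make_readonly` and `make_revocable` are assumptions made for the example.

```python
"""Object-capability sketch (constructed example).

A capability here is a Python object reference.  Whoever holds a reference
to a Counter has full authority over it; a facet or proxy derived from it
carries strictly less authority.  Note the caveat in the usage note: Python
does not itself enforce unforgeability, so this models the discipline of a
strong capability system rather than providing one.
"""


class Counter:
    """The underlying resource.  A direct reference is full authority."""

    def __init__(self):
        self._value = 0

    def read(self):
        return self._value

    def increment(self):
        self._value += 1
        return self._value


class _ReadOnlyFacet:
    """Attenuated capability: exposes read() and nothing else.

    The facet stores only the bound read method, never the Counter itself,
    so there is no attribute through which a holder can reach increment().
    """

    __slots__ = ("_read",)

    def __init__(self, target):
        self._read = target.read

    def read(self):
        return self._read()


def make_readonly(target):
    """Derive a read-only capability from a full one (attenuation)."""
    return _ReadOnlyFacet(target)


def make_revocable(target):
    """Wrap a capability in a forwarder and return (proxy, revoke).

    The proxy forwards every attribute access to the target.  After
    revoke() the forwarder's slot is emptied, so every holder of the proxy
    loses access at once without the target itself changing.
    """
    holder = {"target": target}

    class _Proxy:
        __slots__ = ()

        def __getattr__(self, name):
            current = holder["target"]
            if current is None:
                raise PermissionError("capability revoked")
            return getattr(current, name)

    def revoke():
        holder["target"] = None

    return _Proxy(), revoke


def confined_consumer(cap):
    """Code that was only ever given a capability, not the resource.

    Returns what it could observe and whether it found a way to mutate.
    """
    can_mutate = hasattr(cap, "increment")
    return {"observed": cap.read(), "can_mutate": can_mutate}


def demo():
    """Walk through attenuation and revocation; returns the observed values."""
    counter = Counter()
    ro = make_readonly(counter)
    before = confined_consumer(ro)       # read-only holder sees 0, cannot mutate
    counter.increment()                  # full-authority holder changes it
    after = confined_consumer(ro)        # read-only holder sees the change

    proxy, revoke = make_revocable(counter)
    via_proxy = proxy.increment()        # proxy carries full authority until cut
    revoke()
    try:
        proxy.read()
        revoked = False
    except PermissionError:
        revoked = True

    return {
        "before": before,
        "after": after,
        "via_proxy": via_proxy,
        "revoked": revoked,
    }


if __name__ == "__main__":
    print(demo())
```

The point the example makes is the one the paragraph states: read-only access, revocation and confinement fall out of the same primitive, a reference that cannot be manufactured from a description of itself. Python only approximates this, since its reflection facilities (`__slots__` notwithstanding, e.g. inspecting a bound method's `__self__`) let determined code walk back to the underlying object; a strong capability system has the runtime or kernel enforce that no such path exists. A weak, web-style capability would instead be a secret string, which any party that sees it can replay or pass on.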
Web-wide strong capability systems are not possible, as far as I know; we
have to rely on weak capability systems. I think.
There is a Distributed Trusted OS paper surveying a variety of operating
systems' security models; KeyKOS is one of them. It is currently
The authors do not express great faith in the assurability of the KeyKOS
security system, so perhaps this may act as an antidote to my optimism :)
Of course, I should mention http://www.eros-os.org/.