Capability-based Security - Introduction To Capability-based Security

Introduction To Capability-based Security

(The following introduction assumes some basic knowledge of Unix systems.)

A capability is defined to be a protected object reference which, by virtue of its possession by a user process, grants that process the capability (hence the name) to interact with an object in certain ways. Those ways might include reading data associated with an object, modifying the object, executing the data in the object as a process, and other conceivable access rights. The capability logically consists of a reference that uniquely identifies a particular object and a set of one or more of these rights.

Suppose that, in a user process's memory space, there exists the following string:

/etc/passwd

Although this identifies a unique object on the system, it does not specify access rights and hence is not a capability. Suppose there is instead the following two values:

/etc/passwd O_RDWR

This identifies an object along with a set of access rights. It, however, is still not a capability because the user process's possession of these values says nothing about whether that access would actually be legitimate.

Now suppose that the user program successfully executes the following statement:

int fd = open("/etc/passwd", O_RDWR);

The variable fd now contains the index of a file descriptor in the process's file descriptor table. This file descriptor is a capability. Its existence in the process's file descriptor table is sufficient to know that the process does indeed have legitimate access to the object. A key feature of this arrangement is that the file descriptor table is in kernel memory and cannot be directly manipulated by the user program.

Read more about this topic:  Capability-based Security

Famous quotes containing the words introduction to, introduction and/or security:

    Such is oftenest the young man’s introduction to the forest, and the most original part of himself. He goes thither at first as a hunter and fisher, until at last, if he has the seeds of a better life in him, he distinguishes his proper objects, as a poet or naturalist it may be, and leaves the gun and fish-pole behind. The mass of men are still and always young in this respect.
    Henry David Thoreau (1817–1862)

    Do you suppose I could buy back my introduction to you?
    S.J. Perelman, U.S. screenwriter, Arthur Sheekman, Will Johnstone, and Norman Z. McLeod. Groucho Marx, Monkey Business, a wisecrack made to his fellow stowaway Chico Marx (1931)

    Our security depends on the Allied Powers winning against aggressors. The Axis Powers intend to destroy democracy, it is anathema to them. We cannot provide that aid if the public are against it; therefore, it is our responsibility to persuade the public that aid to the victims of aggression is aid to American security. I expect the members of my administration to take every opportunity to speak to this issue wherever they are invited to address public forums in the weeks ahead.
    Franklin D. Roosevelt (1882–1945)