Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure. Capability-based security is to be contrasted with an approach that uses hierarchical protection domains.

Property Value
dbo:abstract
  • Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure. Capability-based security is to be contrasted with an approach that uses hierarchical protection domains. Although most operating systems implement a facility which resembles capabilities, they typically do not provide enough support to allow for the exchange of capabilities among possibly mutually untrusting entities to be the primary means of granting and distributing access rights throughout the system. A capability-based system, in contrast, is designed with that goal in mind. Capabilities as discussed in this article should not be confused with POSIX 1e/2c "". The latter are coarse-grained privileges that cannot be transferred between processes. (en)
  • Con il termine capability si intende in informatica un meccanismo di protezione delle risorse orientato agli oggetti complementare alle ACL. I sistemi che utilizzano le capability associano a ciascun processo una lista di capability (o C-list), che descrive per l'appunto a quali oggetti (per esempio file) il processo può accedere. Una C-list può essere formata da dei nodi, ciascuno dei quali rappresenta i permessi su un determinato oggetto puntato. (it)
  • Capability-based security は、セキュリティの高い(セキュアな)コンピュータを設計するためのコンセプトの一つである。 (ja)
dbo:wikiPageExternalLink
dbo:wikiPageID
  • 539717 (xsd:integer)
dbo:wikiPageRevisionID
  • 735189902 (xsd:integer)
dbp:date
  • April 2014
dbp:reason
  • very abstractly worded, using same word to describe itself, confusing
dct:subject
http://purl.org/linguistics/gold/hypernym
rdf:type
rdfs:comment
  • Con il termine capability si intende in informatica un meccanismo di protezione delle risorse orientato agli oggetti complementare alle ACL. I sistemi che utilizzano le capability associano a ciascun processo una lista di capability (o C-list), che descrive per l'appunto a quali oggetti (per esempio file) il processo può accedere. Una C-list può essere formata da dei nodi, ciascuno dei quali rappresenta i permessi su un determinato oggetto puntato. (it)
  • Capability-based security は、セキュリティの高い(セキュアな)コンピュータを設計するためのコンセプトの一つである。 (ja)
  • Capability-based security is a concept in the design of secure computing systems, one of the existing security models. A capability (known in some systems as a key) is a communicable, unforgeable token of authority. It refers to a value that references an object along with an associated set of access rights. A user program on a capability-based operating system must use a capability to access an object. Capability-based security refers to the principle of designing user programs such that they directly share capabilities with each other according to the principle of least privilege, and to the operating system infrastructure necessary to make such transactions efficient and secure. Capability-based security is to be contrasted with an approach that uses hierarchical protection domains. (en)
rdfs:label
  • Capability-based security (en)
  • Capability (it)
  • Capability-based security (ja)
owl:sameAs
prov:wasDerivedFrom
foaf:isPrimaryTopicOf
is dbo:wikiPageDisambiguates of
is dbo:wikiPageRedirects of
is dbp:family of
is foaf:primaryTopic of