Search This Blog

Wednesday, November 21, 2018

The object-capability model is a computer security model.

A capability describes a transferable right to perform one (or more) operations on a given object. It can be obtained by the following combination:

an unforgeable reference (in the sense of object references or protected pointers) that can be sent in messages.
a message that specifies the operation to be performed.
The security model relies on not being able to forge references.

Objects can interact only by sending messages on references.
A reference can be obtained by:
initial conditions: In the initial state of the computational world being described, object A may already have a reference to object B.
parenthood: If A creates B, at that moment A obtains the only reference to the newly created B.
endowment: If A creates B, B is born with that subset of A's references with which A chose to endow it.
introduction: If A has references to both B and C, A can send to B a message containing a reference to C. B can retain that reference for subsequent use.
In the object-capability model, all computation is performed following the above rules.

Advantages that motivate object-oriented programming, such as encapsulation or information hiding, modularity, and separation of concerns, correspond to security goals such as least privilege and privilege separation in capability-based programming.