We address three common misconceptions about capability-based systems: the Equivalence Myth (access control list systems and capability systems are formally equivalent), the Confinement Myth (capability systems cannot enforce confinement), and the Irrevocability Myth (capability-based access cannot be revoked). The Equivalence Myth obscures the benefits of capabilities as compared to access control lists, while the Confinement Myth and the Irrevocability Myth lead people to see problems with capabilities that do not actually exist. The prevalence of these myths is due to differing interpretations of the capability security model. To clear up the confusion, we examine three different models that have been used to describe capabilities, and d...
With reference to a classic protection system featuring active subjects that reference protected obj...
Comparing the expressive power of access control models is recognized as a fundamental problem in co...
Capability-based operating systems have logical advantages over access-control list based systems fo...
Conventional computer architectures provide little or no hardware support for enforcing data securit...
Motivated by the problem of understanding the difference between practical access control and capabi...
Abstract. Access control systems must be evaluated in part on how well they enable one to distribute...
This paper describes Metagap'e, a formally specified family of capability systems capable of re...
We present a novel technique, known as the non-delegatable authority (NDA), for distributing authori...
In capability systems it can be hard to assert confinement from static analysis only. In this paper ...
This article analyses the relationship between rights and capabilities in order to get a better gras...
We use a state-transition approach to analyze and compare the core access control mechanisms that ar...
Abstract—In capability-safe languages, components can access a resource only if they possess a capab...
This article analyses the relationship between rights and capabilities in order to get a better gras...
We present a formal system that models programmable abstractions for access control. Composite abstr...
In capability-safe languages, components can access a resource only if they possess a capability for...
With reference to a classic protection system featuring active subjects that reference protected obj...
Comparing the expressive power of access control models is recognized as a fundamental problem in co...
Capability-based operating systems have logical advantages over access-control list based systems fo...
Conventional computer architectures provide little or no hardware support for enforcing data securit...
Motivated by the problem of understanding the difference between practical access control and capabi...
Abstract. Access control systems must be evaluated in part on how well they enable one to distribute...
This paper describes Metagap'e, a formally specified family of capability systems capable of re...
We present a novel technique, known as the non-delegatable authority (NDA), for distributing authori...
In capability systems it can be hard to assert confinement from static analysis only. In this paper ...
This article analyses the relationship between rights and capabilities in order to get a better gras...
We use a state-transition approach to analyze and compare the core access control mechanisms that ar...
Abstract—In capability-safe languages, components can access a resource only if they possess a capab...
This article analyses the relationship between rights and capabilities in order to get a better gras...
We present a formal system that models programmable abstractions for access control. Composite abstr...
In capability-safe languages, components can access a resource only if they possess a capability for...
With reference to a classic protection system featuring active subjects that reference protected obj...
Comparing the expressive power of access control models is recognized as a fundamental problem in co...
Capability-based operating systems have logical advantages over access-control list based systems fo...