Capability-based security

Capability-based security is a model in which authorization to perform actions on objects is conveyed through capabilities: unforgeable tokens that grant specific rights. A capability combines a reference to a resource with an associated set of permissions, often together with additional constraints such as a scope, a time limit, or a record of provenance. Possession of a capability grants the holder the rights encoded in it, without requiring a separate global access-control decision.

In capability-based systems, access checks are local to the holder of the capability: an operation is authorized by inspecting the capability presented, not by consulting a centralized object- or system-wide ACL. This yields fine-grained, portable permissions and supports delegation of authority: a capability can be passed to another process or actor to extend or transfer rights, subject to the constraints the capability itself carries, so a delegate can never hold more authority than the delegator. Revocation and tracking of delegated rights are important design considerations, since a capability, once issued, can be copied and passed on (and, when encoded as a bearer token, observed), which complicates global policy enforcement.

Prominent lines of development include capability-based operating systems and hardware, capability-oriented programming models, and operating-system extensions. Operating systems such as KeyKOS, EROS, and CapROS, and the Capsicum capability framework for Unix-like systems (originating in FreeBSD), illustrate practical realizations, while hardware approaches such as the CHERI architecture aim to provide hardware-enforced capabilities for memory safety and fine-grained access control.

Advantages of capability-based security include fine-grained access control, reduced reliance on centralized policy checks, and natural support for secure delegation. Challenges involve revocation, preventing capabilities from leaking to unintended holders (confinement), and interoperability with traditional access-control mechanisms. The model has influenced modern security research and certain sandboxing and microkernel designs, even as mainstream adoption remains partial.
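The mechanics described above (a reference bundled with rights and constraints, attenuating delegation, time limits, and revocation along the delegation chain) are easiest to see in code. The following is an added, self-contained example written for this page; it is not code from KeyKOS, EROS, CapROS, Capsicum or CHERI, and the class and method names (Document, Capability, delegate, revoke) are illustrative choices.

```python
"""Minimal object-capability model: a Capability is a reference to a
Document plus a frozenset of rights, an optional expiry, and a link to the
capability it was delegated from (used for transitive revocation).
Added illustrative example; names are assumptions, not a real API."""

import time
from typing import Callable, FrozenSet, Optional


class AccessDenied(Exception):
    """Raised when an operation is not covered by a valid capability."""


class Document:
    """The protected resource. Holders never receive it directly; they only
    ever hold a Capability wrapping it (constructed sample resource)."""

    def __init__(self, content: str) -> None:
        self._content = content

    def read(self) -> str:
        return self._content

    def write(self, content: str) -> None:
        self._content = content


class Capability:
    """Possession is authority: no ACL lookup, only a check that the requested
    right is in this token and the token is still valid.  Python cannot make
    the object truly unforgeable (a caller could poke at _target); an ocap
    runtime or capability hardware enforces that property for real."""

    def __init__(self, target: Document, rights: FrozenSet[str],
                 expires_at: Optional[float] = None,
                 parent: "Optional[Capability]" = None,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._target = target
        self._rights = frozenset(rights)
        self._expires_at = expires_at
        self._parent = parent        # delegation chain, walked on validity check
        self._clock = clock          # injectable so expiry is testable
        self._revoked = False

    @property
    def rights(self) -> FrozenSet[str]:
        return self._rights

    def is_valid(self) -> bool:
        """Valid iff not expired and nothing in the delegation chain was revoked."""
        if self._expires_at is not None and self._clock() >= self._expires_at:
            return False
        cap: Optional[Capability] = self
        while cap is not None:
            if cap._revoked:
                return False
            cap = cap._parent
        return True

    def _check(self, right: Optional[str] = None) -> None:
        if not self.is_valid():
            raise AccessDenied("capability expired or revoked")
        if right is not None and right not in self._rights:
            raise AccessDenied(f"capability lacks right {right!r}")

    def read(self) -> str:
        self._check("read")
        return self._target.read()

    def write(self, content: str) -> None:
        self._check("write")
        self._target.write(content)

    def delegate(self, rights, ttl: Optional[float] = None) -> "Capability":
        """Hand out a new capability carrying a subset of our rights
        (attenuation only) and an expiry no later than our own."""
        self._check()
        rights = frozenset(rights)
        if not rights <= self._rights:
            raise AccessDenied(f"cannot delegate rights not held: {sorted(rights - self._rights)}")
        expires = self._expires_at
        if ttl is not None:
            deadline = self._clock() + ttl
            expires = deadline if expires is None else min(expires, deadline)
        return Capability(self._target, rights, expires, parent=self, clock=self._clock)

    def revoke(self) -> None:
        """Cut this capability and, transitively, everything delegated from it."""
        self._revoked = True


def demo() -> dict:
    """Walk through delegation, attenuation, revocation and expiry with a
    fake clock; returns the observed outcomes so they can be checked."""
    now = [0.0]
    doc = Document("draft")
    owner = Capability(doc, frozenset({"read", "write"}), clock=lambda: now[0])
    out = {}
    reviewer = owner.delegate({"read"}, ttl=10.0)       # read-only, 10 s limit
    out["reviewer_reads"] = reviewer.read()
    try:
        reviewer.write("tampered"); out["reviewer_write"] = "allowed"
    except AccessDenied:
        out["reviewer_write"] = "denied"
    try:
        reviewer.delegate({"read", "write"}); out["escalation"] = "allowed"
    except AccessDenied:
        out["escalation"] = "denied"                     # cannot mint more than held
    auditor = reviewer.delegate({"read"})                # re-delegation inherits the limit
    out["auditor_reads"] = auditor.read()
    reviewer.revoke()                                    # also cuts auditor
    out["auditor_valid_after_revoke"] = auditor.is_valid()
    owner.write("final")                                 # owner unaffected
    out["owner_reads"] = owner.read()
    temp = owner.delegate({"read"}, ttl=10.0)
    now[0] = 11.0                                        # advance past the deadline
    out["expired_valid"] = temp.is_valid()
    out["owner_valid"] = owner.is_valid()
    return out


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Two design points are worth noting. Revocation works here only because every delegated capability keeps a link back to the token it was minted from, so the delegator retains a handle to cut; a capability that has been serialized into a bare bit string and copied elsewhere cannot be withdrawn this way without an extra level of indirection, which is exactly the revocation difficulty the text describes. And attenuation is enforced at delegation time (a subset check plus the tighter of the two expiries), so the authority reachable from any token can only shrink as it is passed along.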