Capability Lists

Created: 2024 Mar 15 5:21
Creator: Seonglae Cho
Edited: 2024 Apr 23 5:35

Per subject

Each row of the access matrix is stored with the subject.
Better for access/revocation on a subject than Access Control Lists.
Arrows take the opposite direction.
In theory, capability lists are slightly better than ACLs from a security perspective. In reality, however, most capability lists failed and most OSes use ACLs.

Capabilities-as-rows

For example, capabilities are aggregated at the subject in Linux Capabilities. Ambient Authority can be present.
  • ID card

Capabilities-as-keys

Exercising an authority requires explicitly selecting a key, so by definition there is no Ambient Authority.
  • Key chain
Google Fuchsia tried CAP as the main Linux access control, but failed.
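The per-subject revocation point and the rows/keys distinction above, as an added example that is not part of the original note: a small Python model of one access matrix stored as ACLs, as capability rows, and as a key chain. The subjects, objects and function names are constructed for illustration.

```python
# Added example; subjects, objects and function names are constructed.
MATRIX = {  # subject -> object -> rights; each row is one capability list
    "alice": {"report.txt": {"read", "write"}, "audit.log": {"read"}},
    "backup": {"report.txt": {"read"}, "audit.log": {"read", "write"}},
}

def to_acls(matrix):
    """Column view: each object stores its own ACL {subject: rights}."""
    acls = {}
    for subject, row in matrix.items():
        for obj, rights in row.items():
            acls.setdefault(obj, {})[subject] = set(rights)
    return acls

def revoke_subject_acl(acls, subject):
    """Revoking a subject under ACLs visits every object; returns ACLs visited."""
    for acl in acls.values():
        acl.pop(subject, None)
    return len(acls)

def revoke_subject_clist(clists, subject):
    """Revoking a subject under capability lists drops one row."""
    clists.pop(subject, None)
    return 1

def access_rows(clists, subject, obj, right):
    """Capabilities-as-rows: the system searches the subject's whole row, so
    every right in it is ambient for every request the subject makes."""
    return right in clists.get(subject, {}).get(obj, set())

def keychain(clists, subject):
    """Turn a row into a key chain of individually selectable keys."""
    return {o: (o, frozenset(r)) for o, r in clists.get(subject, {}).items()}

def access_key(key, obj, right):
    """Capabilities-as-keys: only the key the caller selected is consulted."""
    key_obj, key_rights = key
    return key_obj == obj and right in key_rights

if __name__ == "__main__":
    keys = keychain(MATRIX, "backup")
    # A task that was only handed the report.txt key cannot touch audit.log,
    # although the same subject's row would allow it.
    print(access_rows(MATRIX, "backup", "audit.log", "write"))      # row lookup
    print(access_key(keys["report.txt"], "audit.log", "write"))     # wrong key
    print("ACLs visited:", revoke_subject_acl(to_acls(MATRIX), "backup"))
    print("rows dropped:", revoke_subject_clist(dict(MATRIX), "backup"))
```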
 
 
 
 
