capability-based security

Capabilities are the means of controlling data-flow in the FSOS semantic graph.

The FlyingSquirrelOS design uses capability-based addressing not virtual memory.

• Capability-based addressing means no expensive context-switches.
• Capabilities provide memory protection without the IPC complications of separate independent address spaces.

With ACLs the object knows what the subject can do. With capabilities the subject knows how it can interact with the object.

external links

• DC2 - A capability system with a tiny Trusted Computing Base (TCB). DC2 is implemented in a language based on pi-calculus.
• What is a Capability, Anyway?
• Naming and Protection in Extendable Operating Systems [PDF]
• Why Security is not a Separable Concern [PDF]
• Coyotos Documentation