Capability (computers)
A
capability functions as a key that gives a
program on a capability-based computer system access to an
object. A capability is typically implemented as a
data structure that consists of a section that specifies access rights, and a section that uniquely identifies the object to be accessed. In practice, it is used much like a file descriptor in a traditional operating system, but to access every object on the system.
Capabilities are typically stored by the operating system in a list, with some mechanism in place to prevent the program from directly modifying the contents of the capability (so as to forge access rights or change the object it points to).
Programs possessing capabilities can perform functions on them, such as passing them on to other programs, converting them to a less-privileged versions, or deleting them.
References
- Levy, Henry M. 1984 Capability-Based Computer Systems, Digital Equipment Corporation. ISBN 0-932376-22-3
- The EROS Project