Object-capability model
Computer security model / From Wikipedia, the free encyclopedia
Dear Wikiwand AI, let's keep it short by simply answering these key questions:
Can you list the top facts and stats about Object-capability model?
Summarize this article for a 10 year old
The object-capability model is a computer security model. A capability describes a transferable right to perform one (or more) operations on a given object. It can be obtained by the following combination:
- An unforgeable reference (in the sense of object references or protected pointers) that can be sent in messages.
- A message that specifies the operation to be performed.
This article has multiple issues. Please help improve it or discuss these issues on the talk page. (Learn how and when to remove these template messages)
|
The security model relies on not being able to forge references.
- Objects can interact only by sending messages on references.
- A reference can be obtained by:
- Initial conditions: In the initial state of the computational world being described, object A may already have a reference to object B.
- Parenthood: If A creates B, at that moment A obtains the only reference to the newly created B.
- Endowment: If A creates B, B is born with that subset of A's references with which A chose to endow it.
- Introduction: If A has references to both B and C, A can send to B a message containing a reference to C. B can retain that reference for subsequent use.
In the object-capability model, all computation is performed following the above rules.
Advantages that motivate object-oriented programming, such as encapsulation or information hiding, modularity, and separation of concerns, correspond to security goals such as least privilege and privilege separation in capability-based programming.[1][2]
The object-capability model was first proposed by Jack Dennis and Earl C. Van Horn in 1966.[3]