Wednesday, August 23, 2006

Capability-based Security

A post on Raymond Chen's blog happened to coincide with a paper I was reading, Capability Myths Demolished. More on capabilities.

It's interesting to see how our existing systems and solutions, and how popular they are, subtly influence the way we see the world. It's all about assumptions - if you don't question them, you're likely to be stuck in a local maximum, rather than wandering out to find a better maximum elsewhere.

I recommend reading the paper. It's written in a relatively colourful style, somewhat less dry and academic than some. Just thinking about the details of implementing a usable capability-based system has me thinking about how it would influence other things, such as system maintainability. I've always thought that ACLs are a pain to manage and that Unix's 3*3 bits + sundry are better, if not for power, then for usability. I can see ways for capability-based systems to be even better, especially for things like elevating security privileges (as in Linux, MacOS X and Vista) and running less-trusted applications in the current user's account.

Food for thought.
