“Security” is not a very good term here but we refer here
to a class of computer problems that can be solved in capability
environments by user code that arranges to limit where
capabilities get to.
- The Trojan Horse
Current commercial operating systems convey all of my authority to any program that I launch!
Since I can delete all of my files, the grammar program that you send me can delete them as well.
- The factory
confines a program or
a large complex of programs so that confidential questions
stay within the machine.
- Confused Deputy
- A deputy is a program that is trusted to use the authority
it has according to some agreed upon rules.
Sometimes the deputy is
hard pressed to know what is
Without capabilities, common programming patterns are wrong!
With capabilities those same familiar and convenient patterns do the right thing naturally.
- Usage Sensitive Pricing
- Metered Service can provide the user with an alternative
to buying a very expensive software package when his need is slight,
and when the vendor agrees.
In particular some capability systems can meter
access to data.
- High Value Data
- Current systems are too weak
to support high value uses of digital signatures.
They are also too weak for serious crypto.