
Permission management - not part of capability-based security. That's the bad thing with the same name that happens on cell phones.

Capability-based security is more like cash (an economic capability) in your wallet. You take out $5 to buy something; you can't risk more than $5 in the transaction.

With a phone, it's like you enable access to ALL of your money, effectively forever, in a binary manner. (Unless you remember to turn it off later, or the OS does after 3 months of non-use)

Edit/Append - Capability-based security dates back to the 1970s. It's perfectly possible to do it with modern hardware. You just need to protect the OS from applications, which anything with an MMU can do. (Or, if you don't have an MMU, you could just run WebAssembly, which is capability-based.)

The key is that instead of giving file names to programs, you give handles (capabilities) at run time, when the user wants to open a file, save, etc. Otherwise the program has NO access to anything by default. (Thus it can't cause unwanted changes anywhere else)
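
The handle-instead-of-name idea from the comment above, as an added example that is not part of the thread: a small object-capability file store in Python. The "kernel" stands in for the OS plus the file picker; the untrusted app receives one handle with one set of rights and is shown trying to exceed it, next to a permission-model app that, once granted "storage", can open any path by name. FileCap, Kernel, untrusted_app, ambient_app and the sample files are all constructed for this demo; note that Python itself cannot withhold ambient authority (the app could still call open()), so this models the discipline a capability OS or a WASI-style runtime enforces rather than enforcing it.

```python
import os
import tempfile


class FileCap:
    """Unforgeable handle to one open file with a fixed set of rights."""
    _mint = object()  # only code holding this token can construct a cap

    def __init__(self, token, fd, rights):
        if token is not FileCap._mint:
            raise PermissionError("only the kernel mints capabilities")
        self._fd = fd
        self._rights = frozenset(rights)

    def read(self):
        if "read" not in self._rights:
            raise PermissionError("capability lacks 'read'")
        os.lseek(self._fd, 0, os.SEEK_SET)
        return os.read(self._fd, 1 << 16)

    def write(self, data):
        if "write" not in self._rights:
            raise PermissionError("capability lacks 'write'")
        os.lseek(self._fd, 0, os.SEEK_SET)
        os.ftruncate(self._fd, 0)
        return os.write(self._fd, data)

    def attenuate(self, rights):
        """Derive a weaker capability: rights can be dropped, never added."""
        if not set(rights) <= self._rights:
            raise PermissionError("attenuation cannot add rights")
        return FileCap(FileCap._mint, os.dup(self._fd), rights)

    def close(self):
        os.close(self._fd)


class Kernel:
    """Stands in for the OS and its file picker (hypothetical): the user
    chooses a file and the app gets a capability to that file, nothing else."""

    def user_picks_file(self, path, rights):
        flags = os.O_RDWR if "write" in rights else os.O_RDONLY
        return FileCap(FileCap._mint, os.open(path, flags), rights)


def untrusted_app(cap):
    """The sandboxed program: holds one handle and tries to do more with it."""
    outcome = {"read": cap.read()}
    try:
        cap.write(b"overwritten")
        outcome["write"] = "allowed"
    except PermissionError:
        outcome["write"] = "denied"
    try:
        FileCap(object(), 0, {"read", "write"})  # attempt to forge a handle
        outcome["forge"] = "allowed"
    except PermissionError:
        outcome["forge"] = "denied"
    return outcome


def ambient_app(has_storage_permission, path):
    """Permission model: one yes/no grant exposes every path by name."""
    if not has_storage_permission:
        raise PermissionError("storage permission not granted")
    with open(path, "rb") as f:
        return f.read()


def demo():
    """Run both models against constructed sample files; returns both results."""
    with tempfile.TemporaryDirectory() as d:
        chosen = os.path.join(d, "chosen.txt")   # the file the user picked
        secret = os.path.join(d, "secret.txt")   # a file the user never picked
        with open(chosen, "wb") as f:
            f.write(b"hello")
        with open(secret, "wb") as f:
            f.write(b"top secret")

        kernel = Kernel()
        rw = kernel.user_picks_file(chosen, {"read", "write"})
        ro = rw.attenuate({"read"})       # hand over $5, not the wallet
        cap_result = untrusted_app(ro)    # reads "hello"; write and forge denied
        ambient_result = ambient_app(True, secret)  # "storage" grant reads anything
        ro.close()
        rw.close()
        return cap_result, ambient_result


if __name__ == "__main__":
    print(demo())
```

The attenuate() step is the "$5 out of the wallet" move: the read-write handle the picker produced is narrowed to read-only before the app ever sees it, so the worst the app can do is read that one file. The same app under the permission model needs a single boolean and then reads a file the user never chose.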



Ah okay. Is it possible to have capability-based security in software at all? Or is the definition such that it must be implemented at the hardware level?



