Capability-based security is a model used in operating systems and software design. What is its main goal?
Think about how access rights are given and checked in capability systems.
Capability-based security uses tokens called capabilities that are unforgeable and specify what actions are allowed. This controls access directly.
Choose the option that correctly defines a capability.
Capabilities are related to permissions and access control.
A capability is a key or token that grants specific access rights to an object, allowing the holder to perform certain operations.
Consider the differences between capability-based security and ACLs. Which statement correctly highlights a key difference?
Think about where permissions are stored and how they are checked.
In capability-based security, the user holds unforgeable tokens (capabilities) granting access. In ACLs, the object stores a list of users and their permissions.
What makes capabilities unforgeable, ensuring security in capability-based systems?
Consider how the system prevents users from creating fake capabilities.
Capabilities are often implemented as tokens encrypted or protected by the system so users cannot create or alter them without authorization.
Given a capability-based security model, how does a user safely delegate access rights to another user?
Think about how capabilities represent access and how they can be passed.
Delegation in capability systems happens by passing the capability token itself, which grants the rights to the recipient.