# capability-based security

> computer safety concept and one of the existing security models for design of secure computing systems

**Wikidata**: [Q1094291](https://www.wikidata.org/wiki/Q1094291)  
**Wikipedia**: [English](https://en.wikipedia.org/wiki/Capability-based_security)  
**Source**: https://4ort.xyz/entity/capability-based-security

---

## Summary  
Capability-based security is a computer safety concept and one of the key security models used in designing secure computing systems. It grants access on the basis of capabilities, unforgeable tokens that both designate a resource and carry the rights to use it, rather than on the identity or role of the requesting user. Because a process can act only through the capabilities it holds, the approach reduces vulnerabilities by minimizing unnecessary privileges.

## Key Facts  
- **Subclass of**: Computer security (protection of systems/networks from theft, damage, or data leaks).  
- **Aliases**: 基于能力的安全性, 基于权限的安全性, 基於能力的安全 (Chinese translations).  
- **Freebase ID**: `/m/02n10l` (referenced by Wikidata as of 2013-10-28).  
- **Sitelink count**: 10 (across Wikimedia projects).  
- **Wikipedia coverage**: Available in 9 languages (ar, cs, de, en, it, ja, lmo, ru, vi).  
- **Microsoft Academic ID (discontinued)**: 2780198820.  

## FAQs  
### Q: How does capability-based security differ from traditional access control?  
A: Traditional access control (e.g., ACLs) looks up the requester's identity in a per-object list of permissions such as read or write, while capability-based security uses unforgeable tokens (capabilities) that directly grant access to specific resources; since a process can exercise only the capabilities it holds, the risk of privilege escalation is reduced.  

### Q: What are the main advantages of capability-based security?  
A: It minimizes attack surfaces by enforcing least privilege, simplifies auditing, and prevents unauthorized access by design, as capabilities cannot be forged and can be delegated only by a holder that already possesses them.  

### Q: Where is capability-based security commonly used?  
A: It’s applied in secure operating systems (e.g., seL4, KeyKOS) and distributed systems where fine-grained access control is critical.  

## Why It Matters  
Capability-based security addresses critical flaws in traditional permission models, such as privilege creep and the confused deputy problem. By tying access rights directly to capabilities rather than to user roles, it enforces stricter isolation and reduces the risk of exploits. This model is particularly impactful in high-assurance systems (e.g., military, finance) and microkernel architectures, where security and minimalism are prioritized. Its adoption has influenced modern secure computing paradigms, including object-capability languages like E and distributed systems design.  

## Notable For  
- **Least privilege enforcement**: Access is granted only to explicitly authorized resources.  
- **Decentralized control**: Capabilities can be passed between processes without central authority.  
- **Language support**: Inspired capability-safe programming languages (e.g., Pony, Dart).  

## Body  
### Core Concept  
- Security model where access rights are held as unforgeable tokens (capabilities).  
- Combines authority and designation into a single construct, unlike ACLs (Access Control Lists), which separate naming an object from the permission check on it.  

### Technical Basis  
- **Capability**: A token that references an object and defines the operations permitted on it (e.g., read, execute).  
- **No global namespace**: Processes can reach resources only through the capabilities they hold, not by naming them.  
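The confused deputy problem from "Why It Matters" and the designation-plus-authority idea above, as an added example that is not part of the original entry (a toy in-memory store; all names, paths and data are constructed):

```python
class Store:
    """Toy store for this added example; files are reachable only via capabilities."""
    def __init__(self):
        self._files = {}
    def create(self, name, data=""):
        # Like a kernel handing out a descriptor: the only way to obtain a
        # capability, so a holder cannot mint one from a path string.
        self._files[name] = data
        return Capability(self, name, {"read", "write"})

class Capability:
    """Unforgeable token: designation (which file) plus authority (rights)."""
    def __init__(self, store, name, rights):
        self._store, self._name, self._rights = store, name, frozenset(rights)
    def read(self):
        if "read" not in self._rights:
            raise PermissionError("no read right")
        return self._store._files[self._name]
    def write(self, data):
        if "write" not in self._rights:
            raise PermissionError("no write right")
        self._store._files[self._name] = data
    def attenuate(self, rights):
        # Delegation can only narrow rights, never widen them.
        return Capability(self._store, self._name, self._rights & set(rights))

# ACL-style deputy: the check is against the deputy's own identity, so a caller
# may name any path the deputy can write (the confused-deputy problem).
ACL = {"compiler": {"/etc/billing.log": {"write"}, "/tmp/out": {"write"}}}
def acl_compile(files, out_path):
    if "write" in ACL["compiler"].get(out_path, set()):
        files[out_path] = "binary"

# Capability-style deputy: it writes only through a capability the caller hands
# over, so it has no ambient authority of its own to be confused about.
def cap_compile(out_cap):
    out_cap.write("binary")

def demo():
    files = {"/etc/billing.log": "charges"}
    acl_compile(files, "/etc/billing.log")        # deputy clobbers the billing log
    store = Store()
    billing = store.create("/etc/billing.log", "charges")
    out = store.create("/tmp/out")
    cap_compile(out)                              # caller passes only what it holds
    try:
        cap_compile(billing.attenuate({"read"}))  # read-only capability cannot write
        blocked = False
    except PermissionError:
        blocked = True
    return files["/etc/billing.log"], billing.read(), out.read(), blocked
```

`demo()` returns the ACL-side billing log (overwritten), the capability-side billing log (intact), the intended output, and whether the attenuated capability was refused.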

### Historical Context  
- Early implementations include **Hydra OS** (1970s) and **KeyKOS** (1980s).  
- Modern use in microkernels (e.g., **seL4**) and cloud security frameworks.  

### Language Integration  
- Object-capability languages (e.g., **E**, **Pony**) embed the model at the syntax level.  

--- 

## References

1. Freebase Data Dumps. 2013