A capability is an unforgeable access token.
todo: noted feature is that it solves the “confused deputy” problem.
Notes related to Capabilities
Papers related to Capabilities
- Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process [nienhuis:secpriv:2020]
- Reasoning about a machine with local capabilities [skorstengaard:esop:2018]
- StkTokens: Enforcing well-bracketed control flow and stack encapsulation using linear capabilities [skorstengaard:popl:2019]
- The CHERI capability model: Revisiting RISC in an age of risk [woodruff:isca:2014]
- CHERI concentrate: Practical compressed capabilities [woodruff:tocs:2019]