Capability-Based Security

The cluster focuses on capability-based security models for operating systems, advocating for sandboxing, least privilege, and explicit resource access to protect users from untrusted applications, in contrast to traditional Unix-style ambient authority.

➡️ Stable 0.6x Security
Comments: 4,603
Years Active: 20
Top Authors: 5
Topic ID: #1736

Activity Over Time

Year  Activity
2007  1
2008  12
2009  23
2010  35
2011  49
2012  65
2013  81
2014  125
2015  288
2016  257
2017  209
2018  279
2019  294
2020  285
2021  532
2022  502
2023  487
2024  443
2025  577
2026  59

Keywords

e.g, dic.nsf, HN, CLI, AppArmor, NO, wikipedia.org, POSIX, NULL, enacademic.com, capability, user, security, permissions, access, privilege, privileges, security model, capabilities, operating

Sample Comments

jayd16, Mar 15, 2024

Probably Capability based security: https://en.wikipedia.org/wiki/Capability-based_security

btilly, May 20, 2015

Capability based systems offer better options. All access to anything important (network, files, other commands, etc) has to happen through opaque handles called capabilities. Think of them as objects that you can't look for. When you call code, you pass it a set of capabilities that are available. That is all it can ever access. But the whole language and environment needs to be defined from the bottom up to enable this.

jerf, Dec 4, 2019

The phrase you're looking for to poke into a search engine is "capability-based security": https://en.wikipedia.org/wiki/Capability-based_security It's a long, kinda story, which I'm not intimately familiar with, but seems to boil down to, it's more effort than we're willing to spend on rebooting our entire computing infrastructure. (Lo

mAritz, Mar 13, 2018

Isn't the first part of your suggestion handled on OS level anyways? Aka. restricted user access, SELinux, AppArmor etc.

mikewarot, Jul 9, 2023

Unpopular opinion: Secure general purpose computing isn't available for the masses. In fact, most people here on HN don't have access to it either. Our current crop of widely used operating systems all share the same flaw, the ambient authority granted to any program that is run to access anything that the user account is permitted to access. This causes a host of problems, and almost nobody is aware of them, or incorrectly assigns them to other causes. This results in a patchwork of

mikewarot, Feb 8, 2022

I'd like to make my life's principle one generally shared by everyone. No human should ever have to blindly trust a program to do the right thing. That is the job of the operating system. The OS should make it easy to select the resources that a program is allowed to access. It should be as easy as taking a dollar bill from a wallet. The OS should make NO other access possible for the program to be run. This, ladies and gentlemen, is Capability Based Security... something we

anaphor, Apr 8, 2021

You seem to be unaware of the existence of capability based security. https://en.wikipedia.org/wiki/Capability-based_security

nathants, Jun 23, 2023

Isn't the current Linux security mindset that all access is potentially privileged?

Jyaif, Jun 16, 2025

You want a capability based OS where by default processes are sandboxed.

mikewarot, Jan 30, 2022

This is a failure of the security model underlying the operating system design. Operating Systems exist to securely multiplex the resources of a system and make them fairly and reliably available to the user of that system. In order to do so, the first order of business is that the system should observe the principle of least privilege. That is, it should grant no privileges by default, and only grant access to the resources required for a task to complete. iOS, Android, Linux, Unix, Windows