by meshr 926 days ago
What solutions do you mean?

The Capability Object Model, AKA, Capability Based Security. It was invented in response to issues discovered during the Viet Nam conflict by the US Military. The Bell-LaPadula model is an example of a policy model that can keep a computer secure while keeping it usable.

The permission flags mess on your smartphone is NOT capability based security. Neither is AppArmor, or SELinux. Linux is completely incompatible, as are Windows, macOS, etc.

Interestingly, it's not much change in code for an application to be ported. You take out code for calling file selection dialogs, and file opens, and replace them with a call for a powerbox to select a capability, and use that in place of the file handles, and you're done.

It's more like cash in your wallet... you can easily take out $5 to pay for something, limiting the side effects of the transaction to $5. It's not possible to run code (without gymnastics) and only give it file X on most operating systems.

WASM is as close as we've gotten in a while since they gave up on Multics. Genode is coming, but they seem to have been distracted by smartphones.
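
Added example, not part of the comment above: a sketch of the powerbox hand-off and of the kind of "gymnastics" needed to give code only file X on Linux/POSIX. The names `powerbox_run`, `untrusted_plugin` and `demo` are hypothetical, and the `RLIMIT_NOFILE` lockdown is a technique chosen here for illustration; it only stops new descriptors from being allocated and is not a full capability system.

```python
import errno
import json
import os
import resource
import tempfile

def untrusted_plugin(fd, probe_path):
    """Hypothetical untrusted code: uses the granted fd, then tries to open more."""
    result = {"read": os.read(fd, 4096).decode()}
    try:
        os.close(os.open(probe_path, os.O_RDONLY))
        result["second_open"] = "succeeded"
    except OSError as e:
        result["second_open"] = errno.errorcode.get(e.errno, str(e.errno))
    return result

def powerbox_run(granted_path, probe_path):
    """Trusted side: resolve the name, hand over only the open descriptor."""
    fd = os.open(granted_path, os.O_RDONLY)  # stands in for the user's pick
    r, w = os.pipe()                         # result channel, opened before lockdown
    pid = os.fork()
    if pid == 0:                             # child = the untrusted side
        try:
            os.close(r)
            # No new descriptors after this; already-open ones (fd, w, stdio)
            # keep working. Path syscalls needing no fd (unlink, stat) still work.
            resource.setrlimit(resource.RLIMIT_NOFILE, (0, 0))
            os.write(w, json.dumps(untrusted_plugin(fd, probe_path)).encode())
        finally:
            os._exit(0)                      # never fall back into parent code
    os.close(w)
    os.close(fd)
    with os.fdopen(r, "rb") as pipe:
        out = pipe.read()
    os.waitpid(pid, 0)
    return json.loads(out)

def demo():
    # Constructed sample files: one granted, one the plugin was never given.
    with tempfile.TemporaryDirectory() as d:
        granted, secret = os.path.join(d, "x.txt"), os.path.join(d, "secret.txt")
        for path, text in ((granted, "file X"), (secret, "not granted")):
            with open(path, "w") as f:
                f.write(text)
        return powerbox_run(granted, secret)

if __name__ == "__main__":
    print(demo())
```

The child can read the descriptor it was handed, while its attempt to open a second path fails with `EMFILE`; inherited stdio and path-based calls remain ambient authority that this trick does not remove.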