[ryukafalz]

Capabilities themselves can certainly be implemented at a very low level; you might implement them as an array of capabilities associated with each process: https://en.wikipedia.org/wiki/C-list_%28computer_security%29

As that page points out, POSIX file descriptors are effectively c-lists. A capability operating system would use similar mechanisms to control access to resources other than just open files.

The other things GP mentioned (logging, interdiction, UIs for visibility/control, etc) are layers that you would implement on top of the lowest-level capability system.

[FuriouslyAdrift]

The Plessey 250 was a great one... https://en.wikipedia.org/wiki/Plessey_System_250

[ryukafalz]

Ah, thanks for the reference! Yes, there are a lot of very old capability systems in computing history.

I've got a copy of Capability-Based Computer Systems on my shelf that I've been meaning to read for a while, and it covers the Plessey System 250: https://homes.cs.washington.edu/~levy/capabook/

Very much not a new concept! Though note that this book was published in 1984 and there have been several newer developments in the capability literature since then. (Revocation for example, which is mentioned as an issue in chapter 10 but has since been addressed with some capability design patterns.)

[nmgycombinator]

Oh nice! I'll take a look at these.