In this paper, starting from the implementation of the Lampson access matrix in the HRU access matrix model, we describe the principles of the capability security mechanism and then explain how to build a capability-based system. To make the capability security mechanism clear, we use Linux capabilities as an example and explain them in detail. Furthermore, we compare them with a classic capability-based system and analyze the differences between them. Finally, we conclude that Linux capabilities are only an attempt to implement the capability security mechanism in the Linux operating system. It makes its capabilities unforgeable by storing them in internal kernel memory space. The POSIX capabilities used in Linux, which are quite different, divide the traditional all-powerful root privilege into a set of distinct privileges and thereby harden Linux against some defective programs.
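To illustrate how root privilege is divided into distinct privileges held in kernel memory, the following added example (not code from the paper) decodes the capability bitmasks the kernel exposes read-only in /proc/<pid>/status. The two status excerpts are constructed samples, and the NEAR_ROOT set and the audit() helper are illustrative assumptions.

```python
# Bit positions follow <linux/capability.h>; bit 0 is CAP_CHOWN.
CAP_NAMES = ("CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID "
             "SETUID SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST "
             "NET_ADMIN NET_RAW IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO "
             "SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT SYS_NICE "
             "SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE "
             "AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM "
             "BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE").split()

# Assumption: an illustrative, non-exhaustive set of near-root capabilities.
NEAR_ROOT = {"CAP_SYS_ADMIN", "CAP_SYS_MODULE", "CAP_SYS_PTRACE",
             "CAP_DAC_OVERRIDE", "CAP_SETUID"}

def decode(mask):
    """Turn a capability bitmask into names; unknown bits keep their number."""
    names, bit = [], 0
    while mask >> bit:
        if mask >> bit & 1:
            known = bit < len(CAP_NAMES)
            names.append("CAP_" + CAP_NAMES[bit] if known else f"CAP_{bit}")
        bit += 1
    return names

def parse_status(text):
    """Extract the Cap* hex masks from /proc/<pid>/status text."""
    sets = {}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key in ("CapInh", "CapPrm", "CapEff", "CapBnd", "CapAmb"):
            sets[key] = int(value.strip(), 16)
    return sets

def audit(text):
    """Summarise which pieces of root privilege a process actually holds."""
    sets = parse_status(text)
    eff, prm = sets.get("CapEff", 0), sets.get("CapPrm", 0)
    return {"effective": decode(eff),
            "near_root": sorted(NEAR_ROOT.intersection(decode(eff))),
            # Permitted but not effective: the process may raise these itself.
            "dormant": decode(prm & ~eff)}

# Constructed samples: a root shell and a service limited to two capabilities.
ROOT_SHELL = ("Name:\tbash\nCapInh:\t0000000000000000\nCapPrm:\t000001ffffffffff\n"
              "CapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n")
WEB_SERVER = ("Name:\thttpd\nCapInh:\t0000000000000000\nCapPrm:\t0000000000002400\n"
              "CapEff:\t0000000000000400\nCapBnd:\t000001ffffffffff\n")

if __name__ == "__main__":
    for sample in (ROOT_SHELL, WEB_SERVER):
        print(audit(sample))
```
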