Programming languages can provide this protection.
Approach 4: Cryptography
Option 1:
A copy of each capability is stored with a random bit sequence in the kernel.
Processes maintain copies of capability/bit sequence pairs.
A capability/bit sequence is valid if and only if it matches a capability/bit sequence in the kernel.
Advantage:
- Capabilities can be shared without invoking the kernel
Disadvantages:
- The kernel must store the capability information
- The kernel is needed to verify that a capability is not forged
Option 2 (Secret Key Cryptography):
The kernel stores a private key that is used to encrypt capabilities.
Processes maintain copies of the capabilities, which the kernel verifies using its private key.
Advantages:
- Capabilities can be shared without invoking the kernel
- Kernel only needs to store its private key
Disadvantage:
- The kernel is needed to verify that a capability is not forged
Option 3 (Public Key Cryptography):
The kernel keeps a private key that is used to sign capabilities.
Processes use the kernel's public key to check that capabilities are valid without invoking the kernel.
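The three options side by side, as an added example that is not part of the original notes. It assumes a toy Capability struct (object name plus rights string), uses HMAC-SHA256 as the secret-key primitive for Option 2 (the notes say "encrypt"; a MAC is the usual way to realize the kernel's check) and Ed25519 for Option 3; all helper names are my own. Each kernel issues a capability, and the sample then shows that a process which rewrites the rights field while keeping the old bits, tag or signature is rejected, with Option 3 verified entirely in the process using only the public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Capability names an object and the rights its holder has over it (toy layout).
type Capability struct {
	Object string
	Rights string
}

// encode produces the canonical bytes that the kernel looks up, MACs or signs.
func (c Capability) encode() []byte { return []byte(c.Object + "\x00" + c.Rights) }

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// ---- Option 1: random bit sequence kept in the kernel ----

// Option1Kernel keeps a copy of every issued capability with its random bits.
type Option1Kernel struct {
	table map[string][]byte // encoded capability -> random bit sequence
}

func NewOption1Kernel() *Option1Kernel { return &Option1Kernel{table: map[string][]byte{}} }

// Issue records a fresh random sequence beside the capability and returns the
// process's copy (re-issuing the same capability replaces the stored bits).
func (k *Option1Kernel) Issue(c Capability) []byte {
	bits := randomBytes(16)
	k.table[string(c.encode())] = bits
	return bits
}

// Verify accepts the pair only if it matches the kernel's stored copy;
// hmac.Equal is a constant-time compare so the bits do not leak via timing.
func (k *Option1Kernel) Verify(c Capability, bits []byte) bool {
	stored, ok := k.table[string(c.encode())]
	return ok && hmac.Equal(stored, bits)
}

// ---- Option 2: secret-key cryptography (HMAC over the capability) ----

// Option2Kernel stores nothing per capability, only its secret key.
type Option2Kernel struct{ key []byte }

func NewOption2Kernel() *Option2Kernel { return &Option2Kernel{key: randomBytes(32)} }

// Issue returns the tag a process carries alongside its capability.
func (k *Option2Kernel) Issue(c Capability) []byte {
	m := hmac.New(sha256.New, k.key)
	m.Write(c.encode())
	return m.Sum(nil)
}

// Verify recomputes the tag; only the key holder (the kernel) can do this.
func (k *Option2Kernel) Verify(c Capability, tag []byte) bool {
	return hmac.Equal(k.Issue(c), tag)
}

// ---- Option 3: public-key cryptography (Ed25519 signature) ----

// Option3Kernel signs with its private key and publishes the public key.
type Option3Kernel struct {
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewOption3Kernel() *Option3Kernel {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Option3Kernel{priv: priv, Pub: pub}
}

// Issue signs the capability; the signature travels with it.
func (k *Option3Kernel) Issue(c Capability) []byte { return ed25519.Sign(k.priv, c.encode()) }

// VerifyWithPublicKey runs inside a process: no kernel call is needed.
func VerifyWithPublicKey(pub ed25519.PublicKey, c Capability, sig []byte) bool {
	return ed25519.Verify(pub, c.encode(), sig)
}

func main() {
	// Constructed sample: a read capability and a tampered read-write copy.
	c := Capability{Object: "file:/home/alice/notes", Rights: "r"}
	forged := Capability{Object: c.Object, Rights: "rw"}

	k1 := NewOption1Kernel()
	bits := k1.Issue(c)
	fmt.Println("option 1: genuine", k1.Verify(c, bits), "forged", k1.Verify(forged, bits))

	k2 := NewOption2Kernel()
	tag := k2.Issue(c)
	fmt.Println("option 2: genuine", k2.Verify(c, tag), "forged", k2.Verify(forged, tag))

	k3 := NewOption3Kernel()
	sig := k3.Issue(c)
	fmt.Println("option 3: genuine", VerifyWithPublicKey(k3.Pub, c, sig),
		"forged", VerifyWithPublicKey(k3.Pub, forged, sig))
}
```

The trade-offs in the notes show up directly in the code: Option1Kernel grows a table entry per issued capability, Option2Kernel holds one 32-byte key but must be called for every check, and Option 3 is the only one where VerifyWithPublicKey needs nothing the kernel keeps secret.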