CapDesk
From Wikipedia, the free encyclopedia
CapDesk is a desktop environment that rigorously applies the Principle of least authority, in order to provide security for the user when running applications.
Under CapDesk, applications are run with minimal authority, so that an application does not have access to a given file or directory until the user explicitly grants the application the right to access it.
CapDesk is a research system that aims to show that this does not reduce the usability of the system. On the contrary; CapDesk's user interface is quite conventional from the user's point of view. Standard GUI mechanisms such as opening a file or using a file chooser are the basis for granting access rights to applications.
CapDesk was the first system to implement a Powerbox file chooser.
CapDesk is written in the E programming language, which in turn is currently implemented in Java.
[edit] Caplet
In the CapDesk desktop environment, a caplet is a program that starts off with no authority beyond the ability to interact with the user via a window and to request capabilities via a powerbox.
The term is a pun on applet, combining the term with "cap" which is short for "capability".
Applets such as Java applets often have no non-trivial use, because they do not have—and more importantly, cannot be granted—useful authority, such as the ability to save a file to the user's filesystem. In contrast, caplets are more useful, because they can request and be granted authority in a fine-grained but secure way.
[edit] See also
- Polaris (computer security), a similar system, for running Windows applications
- Bitfrost
[edit] External links
- A Security Analysis of the Combex DarpaBrowser Architecture, David Wagner and Dean Tribble, March 4, 2002
- E and CapDesk