Software security policies monitor subjects accessing objects and apply access rules. Sadly, the rules apply only to a small subset of interactions, because the mechanism is limited to identities. Calls made by programs within an application such as a browser, and the individual machine instructions within those programs, go unchecked. Compilers, code reviews and run-time analysis attempt to fill the void with best programming practices. That helps, but security is also threatened by anonymous scripts and downloads that introduce evil lines of code that spy, steal or cause harm. Moreover, the time of checking and the context of execution differ, and errors from imported scripts are ignored. The internet is hostile and software is vulnerable, so using the web is unavoidably dangerous.
Best practices, operating system calls, and security monitors are unavailable, ignored or bypassed.
Logic demands an assured policy that checks everything, including the program calls within a browser or an email client. Realizing comprehensive software security therefore requires assured digital integrity: trusted computers executing trusted instructions. Nothing else covers the full spectrum of threats.
The PP250 computer used capability-based addressing to achieve a trusted, comprehensive solution. A stored algebra of capability keys regulates the actions of programs. Every instruction is validated, and thus every program-to-program call is checked. This encapsulation mechanism allows best practices, compilers, languages and code analysis to work. Software survives, succeeds and thrives, even in a browser.
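To make the mechanism concrete, here is an added example in C that is not from the paper or the PP250 itself: a constructed model in which every load, store and program call is validated against the capability that addresses it, so an access past the object's limit, a missing right, or a call without an enter capability is refused at the instruction rather than by an identity check elsewhere. The right names, the word layout and the script/service scenario are assumptions for illustration only.

```c
#include <stdbool.h>
#include <stdint.h>
/* Constructed model, not the PP250's real word format: a capability names one
 * object (base, limit) and carries the rights its holder may exercise. */
enum { R_READ = 1, R_WRITE = 2, R_ENTER = 4 };
typedef struct { uint32_t base, limit; unsigned rights; } cap_t;
#define MEM_WORDS 64
static uint32_t mem[MEM_WORDS];             /* toy memory */
/* Every load/store is checked against the capability that addresses it: the
 * offset must lie inside the object and the required right must be present. */
static bool cap_check(const cap_t *c, uint32_t off, unsigned need) {
    return off < c->limit && c->base + off < MEM_WORDS && (c->rights & need) == need;
}
bool cap_load(const cap_t *c, uint32_t off, uint32_t *out) {
    if (!cap_check(c, off, R_READ)) return false;   /* trap: instruction aborted */
    *out = mem[c->base + off];
    return true;
}
bool cap_store(const cap_t *c, uint32_t off, uint32_t val) {
    if (!cap_check(c, off, R_WRITE)) return false;
    mem[c->base + off] = val;
    return true;
}
/* A program-to-program call is also a checked action: it needs an ENTER right
 * for the callee, which then runs with its own capabilities, not the caller's. */
typedef uint32_t (*entry_fn)(const cap_t *own, uint32_t arg);
bool cap_call(const cap_t *c, entry_fn fn, const cap_t *callee, uint32_t arg, uint32_t *ret) {
    if ((c->rights & R_ENTER) == 0) return false;
    *ret = fn(callee, arg);
    return true;
}
/* Scenario: an untrusted script holds read-only words 0..7; a service owns
 * words 8..15 and is reachable only through an ENTER capability. */
static uint32_t service_entry(const cap_t *own, uint32_t arg) {
    uint32_t v = 0;
    cap_store(own, 0, arg * 2);
    cap_load(own, 0, &v);
    return v;
}
int scenario(void) {
    cap_t script = {0, 8, R_READ}, service = {8, 8, R_READ | R_WRITE};
    cap_t enter_svc = {8, 8, R_ENTER};
    uint32_t v; int ok = 0;
    if (!cap_store(&script, 3, 1)) ok |= 1;                 /* no write right */
    if (!cap_load(&script, 9, &v)) ok |= 2;                 /* past the limit */
    if (cap_call(&enter_svc, service_entry, &service, 21, &v) && v == 42) ok |= 4;
    if (!cap_call(&script, service_entry, &service, 1, &v)) ok |= 8; /* no ENTER */
    return ok;                                              /* 15 = all checks held */
}
```

The point of the scenario is that the script never gains the service's words by naming them: the only path is the call through the enter capability, and inside that call the service's own capabilities, not the script's, govern every access.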
Given the concerns over cyber crime, this paper reviews a generic, transparent capability-based security system to rekindle interest in this most effective software security mechanism.