Capabilities == O-O Security
Capability discipline -> good software engineering
Good software engineering -> capability discipline
Modularity -> omit needless dependencies
- Required trust is a form of dependency
- Information hiding -> “need to know”
- POLA (Principle of Least Authority) -> “need to do”
- Security is the extreme of modularity
Security Abstraction Mechanisms
Patterns of Cooperation Without Vulnerability
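
The bullets above, as an added JavaScript example that is not part of the original slides: object references act as capabilities, a closure supplies information hiding, an append-only facet supplies POLA, and a revocable forwarder is one security abstraction built from plain objects. All names (makeLog, appendOnly, makeRevocable, auditPlugin) are hypothetical.

```javascript
// Added example; every name in this block is hypothetical.

// Information hiding ("need to know"): entries live in a closure and are
// reachable only through the methods returned below.
function makeLog() {
  const entries = [];
  return Object.freeze({
    append(line) { entries.push(String(line)); },
    read() { return entries.slice(); },   // copy, so callers cannot mutate state
    clear() { entries.length = 0; },
  });
}

// POLA ("need to do"): a facet that carries only the append authority.
function appendOnly(log) {
  return Object.freeze({ append: (line) => log.append(line) });
}

// Security abstraction: a revocable forwarder around any append facet.
function makeRevocable(target) {
  let current = target;
  const facet = Object.freeze({
    append(line) {
      if (current === null) throw new Error('capability revoked');
      current.append(line);
    },
  });
  return { facet, revoke() { current = null; } };
}

// A less-trusted component: its authority is exactly the object it is handed.
function auditPlugin(sink) {
  sink.append('plugin started');
  // Report whether any authority beyond append is reachable from the argument.
  return typeof sink.read === 'function' || typeof sink.clear === 'function';
}

function demo() {
  const log = makeLog();
  const { facet, revoke } = makeRevocable(appendOnly(log));
  const overPrivileged = auditPlugin(facet);   // plugin never sees `log` itself
  revoke();
  let blocked = false;
  try { facet.append('after revoke'); } catch (e) { blocked = true; }
  return { overPrivileged, blocked, entries: log.read() };
}
```

The plugin depends only on the facet it receives, so the trust it requires is visible in its call signature rather than hidden in ambient access.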