C-list (computer security)

In capability-based computer security, a C-list is an array of capabilities, usually associated with a process and maintained by the kernel. The program running in the process does not manipulate capabilities directly, but refers to them via C-list indexes—integers indexing into the C-list.

The file descriptor table in Unix is an example of a C-list. Unix processes do not manipulate file descriptors directly, but refer to them via file descriptor numbers, which are C-list indexes.

In the KeyKOS and EROS operating systems, a process's capability registers constitute a C-list.^[1]

References

↑ Glossary, cap-lore.com

Object-capability security

Concepts	Principle of least authority (POLA) Confused deputy problem Ambient authority File descriptor C-list Object-capability model Capability-based security Capability-based addressing Zooko's triangle Petnames

OS kernels	Hydra NLTSS KeyKOS EROS CapROS Coyotos Midori Fuchsia

Programming languages	Joule E Joe-E Cajita BitC

Filesystems	Tahoe-LAFS

Specialised hardware	Plessey System 250 Cambridge CAP IBM System/38 Intel iAPX 432

This article is issued from Wikipedia - version of the 10/23/2013. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.