Capability List

Definition

Capability List

A capability list is a row-wise decomposition of the access matrix. Each domain stores a list of $⟨ object, rights ⟩$ pairs, where one pair is called capability.

For domain $d_{i}$ , the capability list is:
$C-list (d_{i}) = {⟨ o_{j}, A [d_{i}, o_{j}]⟩ ∣ A [d_{i}, o_{j}] \neq = \emptyset}$

Subject-Centric

Checking access is fast: the domain presents its capability, and the system verifies its authenticity. Capabilities are typically implemented as protected tokens (tickets) that cannot be forged, for example via encryption or kernel-managed references.

Examples

File Descriptor as Capability

In Unix, a file descriptor acts as a capability. The kernel validates the descriptor on each operation; user processes cannot forge valid descriptors.

Lukas' Notes

Capability List

Table of Contents

Definition

Subject-Centric

Examples

Backlinks