C-list (computer security): Difference between revisions

Content deleted Content added

Inline

Latest revision as of 18:17, 8 March 2023

In capability-based computer security, a C-list is an array of capabilities, usually associated with a process and maintained by the kernel. The program running in the process does not manipulate capabilities directly, but refers to them via C-list indexes—integers indexing into the C-list.

The file descriptor table in Unix is an example of a C-list. Unix processes do not manipulate file descriptors directly, but refer to them via file descriptor numbers, which are C-list indexes.

In the KeyKOS and EROS operating systems, a process's capability registers constitute a C-list.^[1]

References

^ "Glossary". Cap-lore.com. 2000-01-19. Retrieved 2019-07-08.

[1] "Glossary". Cap-lore.com. 2000-01-19. Retrieved 2019-07-08.

[1]

@@ Line 1: / Line 1: @@
-In [[Capability-based security|capability-based computer security]], a '''C-list''' is an [[array]] of capabilities, usually associated with a [[process (computing)]] and maintained by the [[kernel (computer science)]].  The program running in the process does not manipulate capabilities directly, but refers to them via '''C-list indexes'''—integers indexing into the C-list.
+In [[Object-capability model|capability-based computer security]], a '''C-list''' is an [[array (data structure)|array]] of capabilities, usually associated with a [[process (computing)|process]] and maintained by the [[kernel (operating system)|kernel]]. The program running in the process does not manipulate capabilities directly, but refers to them via '''C-list indexes'''—integers indexing into the C-list.
-The [[file descriptor]] table in [[Unix]] is an example of a C-list.  Unix processes do not manipulate file descriptors directly, but refer to them via file descriptor numbers, which are C-list indexes.
+The [[file descriptor|file descriptor table]] in [[Unix]] is an example of a C-list.  Unix processes do not manipulate [[file descriptor]]s directly, but refer to them via file descriptor numbers, which are C-list indexes.
-In the [[KeyKOS]] and [[EROS]] operating systems, a process's capability registers constitute a C-list.
+In the [[KeyKOS]] and [[EROS (microkernel)|EROS]] operating systems, a process's capability registers constitute a C-list.<ref>{{cite web|url=http://www.cap-lore.com/CapTheory/Glossary.html |title=Glossary |publisher=Cap-lore.com |date=2000-01-19 |accessdate=2019-07-08}}</ref>
+== See also ==
+* [[Access-control list]]
+== References ==
+{{Reflist}}
+{{Object-capability security}}
+[[Category:Arrays]]
+[[Category:Operating system security]]

v t e Object-capability security
Concepts	Principle of least privilege (PoLP) Confused deputy problem Ambient authority File descriptor C-list Object-capability model Capability-based security Capability-based addressing Zooko's triangle Petnames
Operating systems, kernels	Capsicum Fuchsia Genode GNOSIS → KeyKOS → EROS → CapROS Hydra iMAX 432 Midori NLTSS seL4 HarmonyOS (HarmonyOS NEXT) Phantom OS
Programming languages	Cajita E Joe-E Joule
File systems	Tahoe-LAFS
Specialised hardware	BiiN Cambridge CAP Flex IBM System/38 Intel iAPX 432 Plessey System 250