2) Capability-Based Protection System

The authority to perform actions or to reference particular objects was to be conferred by the possession of a capability, which is basically an unforgeable system-produced pointer to the representation of an object, together with the type of that object and a specification of the access to be permitted. This pointer could be followed only by system code, so that the representation was directly accessible only by the system. Capabilities are stored in special regions of memory (capability lists). Virtual instructions are available to move these capabilities from one list to another. The access granted by a capability may be reduced.