•
                      •
                                                                                                  •
                                                                                    •
                                          •
                                                                             •
                                   •
              •
                            Can
                                                 –
                                                            –
                                                      –
                                                                 –
   Operating
                                                                             can
                                                                        e.g.
              nice
                                          have
                                                                                                  store
                                                                                           must
                                                                                    easily
                            also
                                                                             be
                                                                        as
                                                      IBM
                                                 Intel
                                                            CAP
              for
                                                                                                  in
                                   support
                      checked
   Systems
                                                                                                         Capabilities
                                                            I,
                                                                 Plessey
                            use
   —
                      by
                                                                                           make
                                                                        part
                                                                             used
                                          special
                                                            II,
                                                                                                               Capabilities
                                                                        of
                                                            III
                                                                                                  address
                                   passing
                                                                                           sure
                                                                                    accessible
   Protection
                                                 iAPX432
                                                                             with
                                                                 PP250
                                                      system/38
                                   of
                                                                                    to
              distributed
                            software
                                                                                                         associated
                                          machine
                                                                                                  space
                                                                             high
                      encryption
                                                                                           subject
                                                                                                  of
                                                                                                         with
                                                                        addressing
                                                                             duty
              systems
                                                                                    hardware
                                                                                           can’t
                                   capabilities
                                                                                                         active
                            capabilities:
                                                                                                  subject
                                                                             cycle
                                   on
                                          instructions
                                                                                           forge
                                                                        hardware
                                          to
                                                                                                         subjects,
                                          modify
                                   procedure
                                                                                                         so:
                                                                                           capabilities
                                          (restrict)
                                   (program)
                                   call
                                          capabilities
   106