In computer science, capability-based addressing is a scheme used by some computers to control access to memory as an efficient implementation of capability-based security. Under a capability-based addressing scheme, pointers are replaced by protected objects (called capabilities) that can be created only through the use of privileged instructions, which may be executed only by the kernel or by some other privileged process authorised to do so. Thus, a kernel can limit the access of application code and other subsystems to the minimum necessary portions of memory (and disable write access where appropriate) without placing them in separate address spaces, and therefore without requiring a context switch whenever an access occurs.


Practical implementations

Two techniques are available for implementation:

*Require capabilities to be stored in a particular area of memory that cannot be written to by the process that will use them. For example, the Plessey System 250 required that all capabilities be stored in capability-list segments.
*Extend memory with an additional bit, writable only in supervisor mode, that indicates that a particular location is a capability. This is a generalization of the use of tag bits to protect segment descriptors in the Burroughs large systems, and it was used to protect capabilities in the IBM System/38. Because the bit cannot be set by an unprivileged store, a process cannot manufacture a usable capability merely by writing a capability's bit pattern into memory.

The designers of the System/38's descendant systems, including the AS/400 and IBM i, removed capability-based addressing. The reason given for this decision is that they could find no way to revoke capabilities (Frank G. Soltis, ''Fortress Rochester: The Inside Story of the IBM iSeries'', pp. 119, 283), although patterns for implementing revocation in capability systems had been published as early as 1974, even before the introduction of the System/38.
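Both techniques, and the protected-pointer idea of the introduction, rest on one check: a memory access is honoured only if it is made through a word the hardware marks as a genuine capability, and only if the access lies within that capability's bounds and permissions. The C simulation of a small tagged-memory machine below is an added example written for this page, not code from any of the systems named here. The word layout, the `cap_*` operations, the error codes, the `slot` convention (a capability is addressed by the memory word it lives in) and the sweep-based `cap_revoke_range` are assumptions made for illustration; in particular the sweep is one simple revocation strategy, not the mechanism of any system discussed above. The two scenario functions show a user-mode store of a capability's bit pattern failing to produce a capability, and a supervisor sweep invalidating every copy of a capability to a region.

```c
/* Toy tagged-memory capability machine (constructed for this page). */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define MEM_WORDS 64
enum { PERM_READ = 1, PERM_WRITE = 2 };
enum { OK = 0, ERR_TAG = 1, ERR_BOUNDS = 2, ERR_PERM = 3, ERR_PRIV = 4, ERR_ADDR = 5 };

typedef struct {
    uint32_t base;    /* first word the capability reaches */
    uint32_t length;  /* number of words reachable from base */
    uint32_t perms;   /* PERM_READ | PERM_WRITE */
} capability;

/* A word holds data or a capability; the tag bit says which. Only
 * supervisor mode can set the tag, and any data store clears it. */
typedef struct { bool tag; uint64_t data; capability cap; } word;

static word mem[MEM_WORDS];
static bool supervisor_mode = false;

void set_supervisor(bool on) { supervisor_mode = on; }
void reset_machine(void) { memset(mem, 0, sizeof mem); supervisor_mode = false; }

/* Privileged instruction: mint a capability into word `slot`. */
int cap_create(uint32_t slot, uint32_t base, uint32_t length, uint32_t perms) {
    if (!supervisor_mode) return ERR_PRIV;
    if (slot >= MEM_WORDS || base + length < base || base + length > MEM_WORDS)
        return ERR_ADDR;
    mem[slot].cap = (capability){base, length, perms};
    mem[slot].tag = true;
    return OK;
}

/* Checks shared by every capability-relative access. */
static int check(uint32_t slot, uint32_t idx, uint32_t need, uint32_t *addr) {
    if (slot >= MEM_WORDS) return ERR_ADDR;
    if (!mem[slot].tag) return ERR_TAG;          /* not a capability, or a forgery */
    const capability *c = &mem[slot].cap;
    if ((c->perms & need) != need) return ERR_PERM;
    if (idx >= c->length) return ERR_BOUNDS;     /* cannot run past the object */
    *addr = c->base + idx;
    return OK;
}

/* Unprivileged data load through the capability in `slot`; never yields a tag. */
int cap_load(uint32_t slot, uint32_t idx, uint64_t *out) {
    uint32_t a;
    int rc = check(slot, idx, PERM_READ, &a);
    if (rc == OK) *out = mem[a].data;
    return rc;
}

/* Unprivileged data store: overwriting a word with data destroys any
 * capability that was there, so data bits can never become a capability. */
int cap_store(uint32_t slot, uint32_t idx, uint64_t value) {
    uint32_t a;
    int rc = check(slot, idx, PERM_WRITE, &a);
    if (rc != OK) return rc;
    mem[a].data = value;
    mem[a].tag = false;
    return OK;
}

/* Unprivileged capability copy: the tag travels with the bits, but only
 * into memory the caller already holds a writable capability for. */
int cap_copy(uint32_t dst_slot, uint32_t dst_idx, uint32_t src_slot) {
    uint32_t a;
    int rc = check(dst_slot, dst_idx, PERM_WRITE, &a);
    if (rc != OK) return rc;
    if (src_slot >= MEM_WORDS || !mem[src_slot].tag) return ERR_TAG;
    mem[a].cap = mem[src_slot].cap;
    mem[a].tag = true;
    return OK;
}

/* Privileged sweep revocation (an assumed, simple strategy): clear the tag of
 * every capability reaching into [base, base+length). Returns the count, or -1. */
int cap_revoke_range(uint32_t base, uint32_t length) {
    if (!supervisor_mode) return -1;
    int n = 0;
    for (uint32_t i = 0; i < MEM_WORDS; i++) {
        const capability *c = &mem[i].cap;
        if (mem[i].tag && c->base < base + length && base < c->base + c->length) {
            mem[i].tag = false;
            n++;
        }
    }
    return n;
}

/* Scenario: a process that knows a capability's bit pattern writes it as
 * data; the copy carries no tag, so using it as a capability is refused. */
int forgery_is_rejected(void) {
    uint64_t v, raw;
    reset_machine();
    set_supervisor(true);
    cap_create(0, 8, 4, PERM_READ | PERM_WRITE);    /* slot 0 -> words 8..11 */
    cap_create(1, 16, 48, PERM_READ | PERM_WRITE);  /* slot 1 -> words 16..63 */
    set_supervisor(false);
    raw = ((uint64_t)mem[0].cap.base << 32) | mem[0].cap.length;
    if (cap_store(1, 4, raw) != OK) return 0;       /* word 20 holds the bits only */
    return cap_load(20, 0, &v) == ERR_TAG;
}

/* Scenario: a copied capability works until the supervisor revokes the
 * region, after which both the original and the copy are dead. */
int revocation_cuts_off_copies(void) {
    uint64_t v;
    reset_machine();
    set_supervisor(true);
    cap_create(0, 8, 4, PERM_READ | PERM_WRITE);    /* slot 0 -> words 8..11 */
    cap_create(1, 16, 8, PERM_READ | PERM_WRITE);   /* slot 1 -> words 16..23 */
    set_supervisor(false);
    if (cap_copy(1, 2, 0) != OK) return 0;          /* word 18 now holds a copy */
    if (cap_load(18, 0, &v) != OK) return 0;
    set_supervisor(true);
    if (cap_revoke_range(8, 4) != 2) return 0;      /* original and copy revoked */
    set_supervisor(false);
    return cap_load(18, 0, &v) == ERR_TAG && cap_load(0, 0, &v) == ERR_TAG;
}

int main(void) { return forgery_is_rejected() && revocation_cuts_off_copies() ? 0 : 1; }
```

The point of the design is that the tag, not the bit pattern, is what `check` trusts: `cap_store` writes any 64-bit value but always leaves the target untagged, while `cap_copy` preserves the tag only when the caller already holds a writable capability to the destination. The sweep in `cap_revoke_range` is what the System/38 designers said they lacked; it is linear in memory size, which is why real designs look for cheaper revocation schemes.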


Chronology of systems adopting capability-based addressing

*1969: Plessey System 250, Plessey Company
*1970–77: CAP computer, University of Cambridge Computer Laboratory
*1978: System/38, IBM
*1980: Flex machine, Royal Signals and Radar Establishment (RSRE), Malvern
*1981: Intel iAPX 432, Intel
*2014: CHERI (adds capabilities to existing ISAs for safer programming, even in C and C++)
*2020: CHEx86
*2022: ARM Morello (AArch64 with CHERI capabilities)


References

*Viktors Berstis, ''Security and protection of data in the IBM System/38'', Proceedings of the 7th Annual Symposium on Computer Architecture, pp. 245–252, May 6–8, 1980, La Baule, France.
*W. David Sincoskie, David J. Farber, ''SODS/OS: Distributed Operating System for the IBM Series/1'', Operating Systems Review 14(3): 46–54, July 1980.
*G. J. Myers, B. R. S. Buckingham, ''A hardware implementation of capability-based addressing'', ACM SIGOPS Operating Systems Review, v. 14 n. 4, pp. 13–25, October 1980.
*M. E. Houdek, F. G. Soltis, R. L. Hoffman, ''IBM System/38 support for capability-based addressing'', Proceedings of the 8th ACM International Symposium on Computer Architecture, ACM/IEEE, 1981, pp. 341–348.
*Hank Levy, ''The Cambridge CAP Computer'', 1988.
*Hank Levy, ''Plessey System 250: a commercial capability solution'', 1988.
*G. D. Buzzard, T. N. Mudge, ''Object-based Computer Systems and the Ada Programming Language'', The University of Michigan, Computer Research Laboratory and Robotics Research Laboratory, Department of Electrical and Computer Engineering, 1983.