Capability-based addressing
In computer science, capability-based addressing is a scheme used by some computers to control access to memory. Under a capability-based addressing scheme, pointers are replaced by protected objects (called capabilities) that can only be created through the use of privileged instructions which may only be executed by the kernel (or some other privileged process authorised to do so). This effectively allows the kernel to control which processes may access which objects in memory without the need to use separate address spaces, and therefore without requiring a context switch when an access occurs. This allows an efficient implementation of capability-based security.

Practical implementations

Two techniques are available for implementation:
  • Require capabilities to be stored in a particular area of memory that cannot be written to by the process that will use them. For example, the Plessey System 250 required that all capabilities be stored in capability-list segments.
  • Extend memory with an additional bit, writable only in supervisor mode, that indicates that a particular location is a capability. This is a generalization of the use of tag bits to protect segment descriptors in the Burroughs large systems, and it was used to protect capabilities in the IBM System/38.
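
The tag-bit technique in the second item, as a small C model added here (not code from the article or from any of the systems it names). The capability encoding, the function names and the rule that an ordinary user-mode store clears the tag are assumptions of this model; access checks on the store itself are left out.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MEM_WORDS 16

/* One memory word plus the extra tag bit; tag set means "this is a capability". */
typedef struct { uint32_t value; bool tag; } word_t;
static word_t mem[MEM_WORDS];

/* Supervisor-only path: the only code that ever sets a tag.
   Toy encoding (assumption): base in the high 16 bits, length in the low 16. */
bool sup_make_cap(size_t slot, uint16_t base, uint16_t len) {
    if (slot >= MEM_WORDS || (size_t)base + len > MEM_WORDS) return false;
    mem[slot].value = ((uint32_t)base << 16) | len;
    mem[slot].tag = true;
    return true;
}

/* User-mode store: the data is written, the tag is cleared (model assumption),
   so bytes a process writes itself can never become a capability. */
bool user_store(size_t addr, uint32_t v) {
    if (addr >= MEM_WORDS) return false;
    mem[addr].value = v;
    mem[addr].tag = false;
    return true;
}

/* User-mode load of word `off` of the object named by the capability in `slot`. */
bool user_load_via(size_t slot, uint16_t off, uint32_t *out) {
    if (slot >= MEM_WORDS || !mem[slot].tag) return false;   /* not a capability */
    uint16_t base = (uint16_t)(mem[slot].value >> 16);
    uint16_t len  = (uint16_t)(mem[slot].value & 0xFFFFu);
    if (off >= len) return false;                            /* outside the object */
    *out = mem[base + off].value;
    return true;
}

int main(void) {
    uint32_t v = 0;
    mem[9].value = 222;                      /* constructed sample data */
    sup_make_cap(0, 8, 2);                   /* kernel grants words 8..9 */
    printf("granted cap, off 1: %d\n", user_load_via(0, 1, &v));
    user_store(1, (8u << 16) | 8u);          /* same bit pattern, written by the user */
    printf("forged word, off 1: %d\n", user_load_via(1, 1, &v));
    return 0;
}
```

The forged word has a valid-looking bit pattern, but only the tag decides whether the hardware treats it as a capability.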


While popular in research systems, capability-based addressing is not commonly available in commercial computer systems, with a few exceptions (e.g. Plessey System 250). The most widely sold architecture using capability-based addressing is the IBM System/38 (but users of these systems were rarely aware of its sophisticated memory-addressing model).

The designers of the System/38's descendant systems, AS/400 and iSeries, removed capability-based addressing. The reason given for this decision is that they could find no way to revoke capabilities (although patterns for implementing revocation in capability systems had been published as early as 1974, even before the introduction of System/38).

Chronology of systems adopting capability-based addressing

  • 1969: System 250 - Plessey Corporation
  • 1978: System/38 - IBM


Further potential additions can be found here: http://www.eros-os.org/pipermail/cap-talk/2007-July/008234.html.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.
 