Capability-based addressing


In computer science, capability-based addressing is a scheme used by some computers to control access to memory. Under a capability-based addressing scheme, pointers are replaced by protected objects (called capabilities) that can only be created through the use of privileged instructions which may only be executed by the kernel (or some other privileged process authorised to do so). This effectively allows the kernel to control which processes may access which objects in memory without the need for separate address spaces, and therefore without requiring a context switch when an access occurs. This allows an efficient implementation of capability-based security.

Practical implementations

Two techniques are available for implementation:
* Require capabilities to be stored in a particular area of memory that cannot be written to by the process that will use them. For example, the Plessey System 250 required that all capabilities be stored in capability-list segments.
* Extend memory with an additional bit, writable only in supervisor mode, that indicates that a particular location is a capability. This is a generalization of the use of tag bits to protect segment descriptors in the Burroughs large systems, and it was used to protect capabilities in the IBM System/38.
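As an added illustration of the second technique (a toy model written for this page, not code from the article or from any of the systems it names): a simulated tagged memory in which only supervisor mode can set the capability tag, every user-mode store clears it, and a dereference checks tag, bounds and rights. The Word and Machine names and the READ right bit are invented for the illustration.

```python
# Toy model of the tag-bit technique (added example, not from the article). Each memory
# word carries a data field plus a one-bit tag meaning "this word is a capability"; only
# supervisor mode can set it, every user-mode store clears it, so forgery by bit pattern fails.
from dataclasses import dataclass

READ = 1  # hypothetical access-right bit carried in a capability payload
@dataclass
class Word:
    value: object = 0   # plain data, or a (base, length, rights) capability payload
    tag: bool = False   # True only if written by supervisor-mode code

class Machine:
    def __init__(self, size=16):
        self.mem = [Word() for _ in range(size)]
        self.supervisor = False

    def mint(self, slot, base, length, rights):
        # Privileged instruction: create a tagged capability naming mem[base:base+length].
        if not self.supervisor:
            raise PermissionError("capability creation requires supervisor mode")
        self.mem[slot] = Word((base, length, rights), tag=True)

    def store(self, slot, value):
        self.mem[slot] = Word(value, tag=False)  # ordinary store: tag is always cleared

    def load_via(self, slot, offset):
        # Dereference: slot must hold a tagged capability that covers offset with READ.
        cap = self.mem[slot]
        if not cap.tag:
            raise PermissionError(f"word {slot} is data, not a capability")
        base, length, rights = cap.value
        if not (0 <= offset < length and rights & READ):
            raise PermissionError("out of bounds or missing read right")
        return self.mem[base + offset].value

def demo():
    m = Machine()
    m.supervisor = True
    m.mint(slot=0, base=8, length=4, rights=READ)  # kernel grants read access to mem[8:12]
    m.mem[8] = Word("secret")                       # kernel places data in that region
    m.supervisor = False
    m.store(1, (8, 4, READ))                        # forgery: same payload, but tag cleared
    out = {"legit": m.load_via(0, 0)}
    for name, args in (("forged", (1, 0)), ("oob", (0, 4))):
        try:
            m.load_via(*args)
            out[name] = "allowed"
        except PermissionError:
            out[name] = "denied"
    return out
```

The forged word carries exactly the bytes of a valid capability but lacks the tag, which is the whole point of the scheme: the tag, not the payload, is what the hardware trusts.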

While popular in research systems, capability-based addressing is not commonly available in commercial computer systems, with a few exceptions (e.g. Plessey System 250). The most widely sold architecture using capability-based addressing is the IBM System/38 (but users of these systems were rarely aware of its sophisticated memory-addressing model).

The designers of the System/38's descendant systems, AS/400 and iSeries, removed capability-based addressing. The reason given in Frank G. Soltis' [http://books.google.com/books?id=ypJmzqt7JdUC Fortress Rochester: The Inside Story of the IBM iSeries] (pp. 119, 283) for this decision is that they could find no way to revoke capabilities (although patterns for implementing revocation in capability systems had been published as early as 1974, in David D. Redell's PhD thesis [http://www.lcs.mit.edu/publications/specpub.php?id=708 Naming and Protection in Extendible Operating Systems], MIT, November 1974, also published as Project MAC TR-140, even before the introduction of System/38).

Chronology of systems adopting capability-based addressing

*1969: System 250 - Plessey Corporation
*1978: System/38 - IBM

Further potential additions can be found here: [http://www.eros-os.org/pipermail/cap-talk/2007-July/008234.html].

References

*R. S. Fabry, " [http://doi.acm.org/10.1145/361011.361070 Capability-based addressing] ", Communications of the ACM, Volume 17, Issue 7 (July 1974), pp. 403–412.

*P. J. Denning, " [http://portal.acm.org/citation.cfm?id=356680&dl=ACM&coll=&CFID=15151515&CFTOKEN=6184618 Fault tolerant operating systems] ", ACM Computing Surveys (CSUR), Volume 8, Issue 4 (December 1976), pp. 359–389. ISSN 0360-0300, doi:10.1145/356678.356680.

*Henry M. Levy, " [http://www.cs.washington.edu/homes/levy/capabook/index.html Capability-based computer systems] ", Digital Press, Maynard, Mass., 1984. ISBN 0-932376-22-3.

* [http://csrc.nist.gov/publications/history/lind76.pdf]

*Viktors Berstis, " [http://doi.acm.org/10.1145/800053.801932 Security and protection of data in the IBM System/38] ", Proceedings of the 7th annual symposium on Computer Architecture, pp. 245–252, May 06-08, 1980, La Baule, United States.

*W. David Sincoskie, David J. Farber, "SODS/OS: Distributed Operating System for the IBM Series/1", Operating Systems Review 14(3): 46–54 (July 1980).

*G. J. Myers, B. R. S. Buckingham, " [http://portal.acm.org/citation.cfm?id=641916&dl=GUIDE&coll=GUIDE&CFID=23904306&CFTOKEN=54433927 A hardware implementation of capability-based addressing] ", ACM SIGOPS Operating Systems Review, v.14 n.4, pp. 13–25, October 1980.

*Houdek, M. E., Soltis, F. G., and Hoffman, R. L. 1981. " [http://portal.acm.org/citation.cfm?id=800052.801885 IBM System/38 support for capability-based addressing] ". In Proceedings of the 8th ACM International Symposium on Computer Architecture. ACM/IEEE, pp. 341–348.

* [http://www.cs.washington.edu/homes/levy/capabook/Chapter5.pdf The Cambridge CAP Computer], Levy, 1988.

* [http://www.cs.washington.edu/homes/levy/capabook/Chapter10.pdf Plessey System 250], a commercial capability solution, Hank Levy, 1988.

External links

* [http://www.eros-os.org/pipermail/cap-talk/2006-August/005543.html On the Spread of the Capability Approach] (cap-talk mailing list), accessed 2007-07-16.
* [http://portal.acm.org/citation.cfm?id=888932&dl=GUIDE&coll=GUIDE&CFID=23904306&CFTOKEN=54433927 Naming and Protection in Extendable Operating Systems], accessed 2007-07-16.


Wikimedia Foundation. 2010.