Capability-based addressing

From Wikipedia, the free encyclopedia

In computer science, capability-based addressing is a scheme used by some computers to control access to memory. Under a capability-based addressing scheme, pointers are protected objects (called capabilities) that can be created only through privileged instructions, which may be executed only by the kernel (or some other privileged process authorised to do so). This lets the kernel control which processes may access which objects in memory without using separate address spaces, and therefore without requiring a context switch when an access occurs. This allows an efficient implementation of capability-based security.

Two techniques are available for implementation:

  • Require capabilities to be stored in a particular area of memory that cannot be written to by the process that will use them. For example, the Plessey System 250 required that all capabilities be stored in capability-list segments.
  • Extend memory with an additional bit that indicates that a particular location is a capability, and make instructions that set that bit fail if executed in user mode. This is a generalization of the use of tag bits to protect segment descriptors in the Burroughs large systems, and it was used to protect capabilities in the IBM System/38.
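To make the second technique concrete, here is an added example (not from the article or from any of the systems it names) that simulates tagged memory in C: each word carries a tag bit that only a privileged instruction can set, an ordinary store clears it, and every memory access goes through a capability whose bounds and rights are checked. The word layout, return codes and the hypothetical `store_cap`/`load_via_cap`/`store_via_cap` instruction names are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#define MEM_WORDS 64
enum mode { USER_MODE, KERNEL_MODE };

/* A capability: a pointer with bounds and rights that user code cannot forge. */
typedef struct { uint32_t base; uint32_t len; bool can_write; } cap_t;
/* Each memory word carries an extra tag bit: true means "holds a capability". */
typedef struct { uint32_t data; cap_t cap; bool is_cap; } word_t;
static word_t mem[MEM_WORDS];   /* tagged memory, zero-initialised: no capabilities */

/* Privileged instruction: store a capability and set the tag bit.
   In user mode it fails, like the tag-setting instruction the article describes. */
int store_cap(enum mode m, uint32_t addr, cap_t c) {
    if (m != KERNEL_MODE || addr >= MEM_WORDS) return -1;
    mem[addr].cap = c;
    mem[addr].is_cap = true;
    return 0;
}

/* Ordinary store: any mode may write data, but the write clears the tag, so a
   process cannot forge a capability by writing its bit pattern into memory. */
int store_data(uint32_t addr, uint32_t v) {
    if (addr >= MEM_WORDS) return -1;
    mem[addr].data = v;
    mem[addr].is_cap = false;
    return 0;
}

/* Translate (capability word, offset) to a physical word, enforcing the checks:
   -1 the word is not tagged, -2 offset outside bounds, -3 write without rights. */
static int resolve(uint32_t cap_addr, uint32_t off, bool write, uint32_t *phys) {
    if (cap_addr >= MEM_WORDS || !mem[cap_addr].is_cap) return -1;
    cap_t c = mem[cap_addr].cap;
    if (off >= c.len || c.base + off >= MEM_WORDS) return -2;
    if (write && !c.can_write) return -3;
    *phys = c.base + off;
    return 0;
}

/* Memory access instructions: every access names a capability, never a raw address. */
int load_via_cap(uint32_t cap_addr, uint32_t off, uint32_t *out) {
    uint32_t p; int rc = resolve(cap_addr, off, false, &p);
    if (rc == 0) *out = mem[p].data;
    return rc;
}
int store_via_cap(uint32_t cap_addr, uint32_t off, uint32_t v) {
    uint32_t p; int rc = resolve(cap_addr, off, true, &p);
    if (rc == 0) store_data(p, v);
    return rc;
}
```

The point of the simulation is the pairing of rules: the tag can be set only in kernel mode, and any unprivileged write to a word clears it, so the set of valid capabilities a process holds is exactly the set the kernel gave it.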

While popular in research systems, capability-based addressing is not commonly available in commercial computer systems (see Plessey System 250). The most widely sold systems using capability-based addressing are the IBM System/38 and its descendants in the AS/400 family, but users of these systems are rarely aware of their sophisticated memory addressing model.
