Room: DMS 1160
There are two approaches to building a capability system: the tagged approach and the partitioned approach. CHERI uses the tagged approach. This paper discusses the other way to build a capability system, the partitioned approach, which can be implemented using segmentation. Although segmentation has existed in x86 for a long time, it is unfortunately not well suited to building a capability system. This paper proposes new segmentation hardware that can be used to build one. Segmentation also brings many other benefits, such as simpler TLB miss handling in guest virtual machines, a simpler IOMMU implementation, simpler shared libraries, and simpler cross-process calls. This paper also explains why we need a single-address-space operating system and how it relates to capability systems. At the end I will also talk about how the system can maintain backward compatibility with old multi-address-space programs.
The following slides have been made available for this session: