CAP computer

The CAP Computer as it currently stands in the Cambridge Computer Laboratory.

The Cambridge CAP computer was the first successful experimental computer to demonstrate the use of security capabilities in both hardware and software.[1] It was developed at the University of Cambridge Computer Laboratory in the 1970s. Unlike most research machines of the time, it was also a useful service machine.[1]

The sign currently on the front of the machine reads:

The CAP project on memory protection ran from 1970 to 1977. It was based on capabilities implemented in hardware, under M. Wilkes and R. Needham with D. Wheeler responsible for the implementation. R. Needham was awarded a BCS Technical Award in 1978 for the CAP (Capability Protection) Project.

Design

The CAP was designed so that any access to a memory segment or to a hardware device required the current process to hold the necessary capability; there was no default right of access that a capability merely restricted.

Archive photo from 1979, showing the inside of the machine and its connection to the Cambridge Ring.

The 32-bit processor was microprogrammed and had two 256-entry caches, a 32-entry write buffer and the capability unit itself, which held 64 registers for evaluated capabilities. Floating-point operations used a single 72-bit accumulator. The instruction set comprised over 200 instructions, ranging from basic ALU and memory operations to capability- and process-control instructions.

Instead of the programmer-visible capability registers used in the Chicago Magic Number Machine and Plessey System 250 designs, the CAP loaded its internal capability registers automatically whenever a program referenced a capability.[2] Memory was divided into segments of up to 64K 32-bit words. Each segment could contain either data or capabilities, but never both, so a program could not manufacture a capability by writing a suitable bit pattern into a data segment. Peripheral hardware was accessed via an associated minicomputer.
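To make the two rules just described concrete (every access goes through a capability, and a segment holds data or capabilities but not both), here is a small Python model written for this page. It is an added illustration, not code from the CAP project or from any CAP documentation, and the names Capability, Segment, CapMachine and ProtectionFault are invented; the real machine evaluated capabilities through its capability unit and process resource lists, which this toy model collapses into a register file.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Rights(Flag):
    READ = auto()
    WRITE = auto()


@dataclass(frozen=True)
class Capability:
    """An evaluated capability: segment number, window [base, base+limit) and rights."""
    segment: int
    base: int
    limit: int
    rights: Rights


@dataclass
class Segment:
    """A segment holds either plain data words or capabilities, never both."""
    is_cap_segment: bool
    words: list = field(default_factory=list)


class ProtectionFault(Exception):
    """Raised where the hardware would trap to the coordinator."""


class CapMachine:
    """Toy model: every memory access is mediated by a capability held in a register."""

    def __init__(self, segments, root_cap):
        self.segments = segments
        # Capability registers; register 0 holds the process's root capability.
        self.cap_regs = {0: root_cap}

    def _check(self, cap, index, need):
        if not isinstance(cap, Capability):
            raise ProtectionFault("register does not hold a capability")
        if need not in cap.rights:
            raise ProtectionFault(f"missing {need.name} right")
        if not 0 <= index < cap.limit:
            raise ProtectionFault("offset outside capability window")
        return self.segments[cap.segment]

    def load_cap(self, dst, via, index):
        """Copy a capability from a capability segment into register dst."""
        src = self.cap_regs[via]
        seg = self._check(src, index, Rights.READ)
        if not seg.is_cap_segment:
            # Bits in a data segment are never interpreted as a capability,
            # so a process cannot forge one by writing the right pattern.
            raise ProtectionFault("source is a data segment, not a capability segment")
        self.cap_regs[dst] = seg.words[src.base + index]

    def read(self, reg, index):
        cap = self.cap_regs[reg]
        seg = self._check(cap, index, Rights.READ)
        if seg.is_cap_segment:
            raise ProtectionFault("data read from a capability segment")
        return seg.words[cap.base + index]

    def write(self, reg, index, value):
        cap = self.cap_regs[reg]
        seg = self._check(cap, index, Rights.WRITE)
        if seg.is_cap_segment:
            raise ProtectionFault("data write to a capability segment")
        seg.words[cap.base + index] = int(value)


def build_machine():
    """Constructed sample memory: one capability segment, one scratch data
    segment, and one 'secret' data segment that no capability refers to."""
    scratch = Segment(is_cap_segment=False, words=[0] * 8)
    secret = Segment(is_cap_segment=False, words=[0xC0FFEE, 0xBEEF])
    cap_seg = Segment(is_cap_segment=True, words=[
        Capability(segment=1, base=2, limit=4, rights=Rights.READ | Rights.WRITE),
    ])
    root = Capability(segment=0, base=0, limit=1, rights=Rights.READ)
    return CapMachine([cap_seg, scratch, secret], root)


def run_checks():
    """Exercise the model and return what each access attempt produced."""
    m = build_machine()
    results = {}
    m.load_cap(1, via=0, index=0)          # fetch the scratch-segment capability
    m.write(1, 0, 42)
    results["write_then_read"] = m.read(1, 0)
    results["window_base"] = m.segments[1].words[2]   # offset 0 maps to word base+0 = 2
    try:
        m.read(1, 4)                         # window is 4 words: offsets 0..3 only
    except ProtectionFault as e:
        results["out_of_window"] = str(e)
    # Forgery attempt: store a plausible 'segment number' in the data segment
    # and try to load it as a capability.
    m.write(1, 1, 2)
    try:
        m.load_cap(2, via=1, index=1)
    except ProtectionFault as e:
        results["forged_cap"] = str(e)
    # The secret segment is unreachable simply because no register names it.
    results["secret_reachable"] = any(
        isinstance(c, Capability) and c.segment == 2 for c in m.cap_regs.values())
    return results


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name}: {outcome}")
```

The forgery check is the point of the data/capability segment split: the bits the program writes are just data, and the only instruction that can populate a capability register refuses to take its operand from a data segment.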

All of the procedures that constituted the operating system were written in ALGOL 68C, although a number of other closely associated protected procedures, such as the paginator, were written in BCPL.[3]

Operation

The CAP first became operational in 1976. It was a fully functional computer, with a complete operating system, file system, compilers and so on. The OS organised processes as a tree, with an initial process called the "Master coordinator". Because a parent process could directly access the resources of its children, no separate supervisor mode was needed. In practice, only two levels of the tree were ever used during the CAP's operation.[4]

In 1981 the MACRO SPITBOL implementation of the SNOBOL4 programming language was ported to the CAP by Nicholas J. L. Brown.[5]

Notes

  1. Levy, p. 96
  2. Levy, p. 79
  3. Wilkes and Needham, p. 32
  4. Levy, p. 81
  5. Brown, Nicholas J. L. (April 1981). CAP SPITBOL Manual and User's Guide. Unpublished undergraduate dissertation, University of Cambridge Computer Laboratory.
