CAP computer
The Cambridge CAP computer was the first successful experimental computer that demonstrated the use of security capabilities, both in hardware and software. It was developed at the University of Cambridge Computer Laboratory in the 1970s. As well as being a research machine, it also served as a useful service machine, unlike most research machines of the time.
The sign currently on the front of the machine reads:
The CAP project on memory protection ran from 1970 to 1977. It was based on capabilities implemented in hardware, under M.Wilkes and R.Needham with D.Wheeler responsible for the implementation. R.Needham was awarded a BCS Technical Award in 1978 for the CAP (Capability Protection) Project.
Design
The CAP was designed such that any access to a memory segment or hardware required that the current process held the necessary capabilities.
The 32-bit processor featured microprogramming control, two 256-entry caches, a 32-entry write buffer and the capability unit itself, which had 64 registers for holding evaluated capabilities. Floating point operations were available using a single 72-bit accumulator. The instruction set featured over 200 instructions, ranging from basic ALU and memory operations to capability- and process-control instructions.
Instead of the programmer-visible registers used in the Chicago and Plessey System 250 designs, the CAP would load internal registers silently when a program defined a capability. The memory was divided into segments of up to 64K 32-bit words. Each segment could contain data or capabilities, but not both. Hardware was accessed via an associated minicomputer.
All procedures constituting the operating system were written in ALGOL 68C, although a number of other closely associated protected procedures, such as a paginator, were written in BCPL. http://research.microsoft.com/pubs/72418/cap.pdf
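The access rule described in this section, as a simplified C model added here (not code from the CAP or its operating system): a process reaches memory only by naming a capability it holds, and the check enforces rights, the 64K-word segment limit and the data/capability split. The rights bits, the slot count, the rule that data instructions are refused on capability segments, and all names are assumptions of this model; the CAP's actual capability format is not given on this page.

```c
#include <stddef.h>
#include <stdint.h>

#define MAX_SEG_WORDS 65536u /* from the page: up to 64K 32-bit words */
#define NCAPS 4              /* assumed size of a process's capability list */
enum seg_kind { SEG_DATA, SEG_CAPS };   /* a segment holds one kind only */
enum { R_READ = 1, R_WRITE = 2 };       /* assumed rights encoding */
enum status { OK, NO_CAP, BAD_RIGHTS, WRONG_KIND, OUT_OF_BOUNDS };

struct segment { enum seg_kind kind; uint32_t len; uint32_t *words; };
struct capability { struct segment *seg; unsigned rights; }; /* seg NULL: empty slot */
struct process { struct capability caps[NCAPS]; };

/* Programs name a capability slot and an offset, never a raw address. */
static enum status cap_check(const struct process *p, unsigned slot,
                             uint32_t off, unsigned need)
{
    if (slot >= NCAPS || p->caps[slot].seg == NULL) return NO_CAP;
    const struct capability *c = &p->caps[slot];
    if ((c->rights & need) != need) return BAD_RIGHTS;
    if (c->seg->kind != SEG_DATA) return WRONG_KIND; /* no data access to capabilities */
    if (c->seg->len > MAX_SEG_WORDS || off >= c->seg->len) return OUT_OF_BOUNDS;
    return OK;
}

enum status load_word(const struct process *p, unsigned slot, uint32_t off, uint32_t *out)
{
    enum status s = cap_check(p, slot, off, R_READ);
    if (s == OK) *out = p->caps[slot].seg->words[off];
    return s;
}

enum status store_word(const struct process *p, unsigned slot, uint32_t off, uint32_t v)
{
    enum status s = cap_check(p, slot, off, R_WRITE);
    if (s == OK) p->caps[slot].seg->words[off] = v;
    return s;
}

/* Constructed sample state: slot 0 read-only data, slot 1 a capability segment. */
static uint32_t demo_data[4] = { 10, 20, 30, 40 };
static uint32_t demo_caps[2];
static struct segment demo_data_seg = { SEG_DATA, 4, demo_data };
static struct segment demo_caps_seg = { SEG_CAPS, 2, demo_caps };
static struct process demo_proc = {
    { { &demo_data_seg, R_READ }, { &demo_caps_seg, R_READ | R_WRITE } }
};

int main(void) { uint32_t v; return load_word(&demo_proc, 0, 1, &v) == OK ? 0 : 1; }
```

Holding read and write rights on slot 1 still does not let a data load touch it, which is how the model keeps capabilities from being read or overwritten as ordinary words.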
Operation
The CAP first became operational in 1976. A fully functional computer, it featured a complete operating system, file system, compilers, and so on. The OS used a process tree structure, with an initial process called the "Master coordinator". This removed the need for separate modes of operation, as each process could directly access the resources of its children. In practice, only two levels were ever used during the CAP's operation.
See also
- Plessey System 250
- IBM System/38
- C.mmp
- RSRE Flex