gillies@m.cs.uiuc.edu (04/11/90)
"Capability-Based Computer Systems" by Digital Press (1984). In my opinion, this is the best book on protection design anywhere. It contains case studies of 6 or 8 systems, and only by reading the case studies can you understand the issues and problems in capability-system design. Much of the information is unavailable elsewhere.

"The Eden System: A Technical Review", IEEE Soft-Eng, 198(2?3?4?). When last I looked, Eden was one of the few distributed systems with protection. I believe protection in a coherent distributed system is still a research topic. The Eden system uses very rudimentary capabilities, but at least they thought in these terms when designing the system.

------

My favorite capability system is Plessey/250. It was a dedicated phone-switching controller, but its simple design made it able to implement protected subsystems efficiently and recursively in hardware, something no other capability-based computer could do. Its only competitor in this sense was the (ACL + capability) Multics system. In other words, the OS and user programs relied on the same hardware mechanism to perform a subsystem ENTER primitive, and no software intervention was necessary.