Capability Systems Bibliography

Publications by date

• 1966

  • Programming Semantics for Multiprogrammed Computations (DOI)
    by Jack B. Dennis and Earl C. Horn.
    In Commun. ACM 9(3), March 1966, pages 143-155. (BibTeX entry)·

• 1968

  • Flexible Software Development for Multiple Computer Systems
    by Anita K. Jones and Karsten Schwan.
    In IEEE Transactions on Software Engineering, March 1968. (BibTeX entry)·

• 1969

  • Dynamic Protection Structures (PDF, DOI)
    by B.W. Lampson.
    In the Proceedings of the November 18-20, 1969, fall joint computer conference; AFIPS '69 (Fall), November 1969. (BibTeX entry)·

• 1971

  • Protection
    by B.W. Lampson.
    In the Proceedings of the Fifth Princeton Symposium on Info. Sci. and Systems, March 1971. (BibTeX entry)·

• 1973

  • The case for capability based computers (Extended Abstract) (DOI)
    by R. S. Fabry.
    In the Proceedings of the Fourth ACM Symposium on Operating System Principles 1973, New York, NY, USA, 1973. (BibTeX entry)·

  • Protection in Programmed Systems
    by Anita Katherine Jones.
    PhD, Carnegie Mellon University, June 1973. (BibTeX entry)·

  • A Note on the Confinement Problem
    by B.W. Lampson.
    In Communications of the ACM 16(10), October 1973, pages 613-615. (BibTeX entry)·

• 1974

  • Naming and Protection in Extendible Operating Systems
    by David D Redell.
    Ph.D. thesis, Massachusetts Institute of Technology, 1974. (BibTeX entry)·

  • HYDRA: the kernel of a multiprocessor operating system (DOI)
    by W. Wulf, E. Cohen, W. Corwin, Anita Jones, R. Levin, C. Pierson, and F. Pollack.
    In Communications of the ACM 17(6), 1974, pages 337-345. (BibTeX entry)·

  • Towards the Design of Secure Systems
    by Anita Katherine Jones and William A. Wulf.
    In the Proceedings of the International Workshop on Protection in Operating Systems, Rocquencourt, Le Chesnay, France, August 1974, pages 121-135. (BibTeX entry)·

• 1975

  • The protection of information in computer systems (DOI)
    by J.H. Saltzer and M.D. Schroeder.
    In Proceedings of the IEEE 63(9), 1975, pages 1278-1308. (BibTeX entry)·

  • Protection of the Hydra Operating System
    by E. Cohen and D. Jefferson.
    In the Proceedings of the Fifth ACM Symposium on Operating Systems Principles, 1975, pages 141-160. (BibTeX entry)·

  • Towards the design of secure systems (DOI)
    by Anita K. Jones and William A. Wulf.
    In Software: Practice and Experience 5(4), 1975. (BibTeX entry)·

  • A Provably Secure Operating System
    by P.G. Neumann, L. Robinson, K.N. Levitt, R.S. Boyer, and A.R. Saxena.
    Computer Science Laboratory SRI International, Menlo Park, California technical report , June 1975. (BibTeX entry)·

• 1976

  • Secure Computer System: Unified Exposition and Multics Interpretation
    by D.E. Bell and L.J. La Padula.
    The Mitre Corporation technical report ESD-TR-75-306, March 1976. (BibTeX entry)·

• 1977

  • A Provably Secure Operating System: The System, Its Applications, and Proofs
    by P.G. Neumann, R.S. Boyer, R.J. Feiertag, K.N. Levitt, and L. Robinson.
    Computer Science Laboratory SRI International, Menlo Park, California technical report , February 1977. (BibTeX entry)·

  • The Narrowing Gap Between Language Systems and Operating Systems
    by Anita K. Jones.
    In the Proceedings of the 7th Information Processing IFIP Congress, Toronto, Canada, August 1977, pages 869-873. (BibTeX entry)·

• 1978

  • The object model: A conceptual tool for structuring software (DOI)
    by Anita K. Jones.
    In the Operating Systems: An Advanced Course, Berlin, Heidelberg, 1978, pages 7-16. (BibTeX entry)·

• 1979

  • The Cambridge CAP Computer and Its Operating System (PDF) (Cached: PDF)
    by Maurice Vincent Wilkes, Roger Michael Needham, and Peter J. Denning.
    Elsevier North Holland 1979,Operating and Programming Systems Series. (BibTeX entry)·

  • StarOS, a Multiprocessor Operating System for the Support of Task Forces (DOI)
    by Anita K. Jones, Robert J. Chansler, Ivor Durham, Karsten Schwans, and Steven R. Vegdahl.
    In the Proceedings of the Seventh ACM Symposium on Operating Systems Principles, Pacific Grove, California, USA, 1979. (BibTeX entry)·

  • The Foundations of a Provably Secure Operating System (PSOS) (PDF) (Cached: PDF)
    by R. J. Feiertag and P. G. Neumann.
    In the Proceedings of the National Computer Conference, 1979, pages 329-334. (BibTeX entry)·

• 1980

  • A Provably Secure Operating System: The System, Its Applications, and Proofs
    by P. G. Neumann, R.S. Boyer, R.J. Feiertag, K.N. Levitt, and L. Robinson.
    Computer Science Laboratory, SRI International, Menlo Park, California technical report , May 1980. (BibTeX entry)·

  • Capability Architecture Revisited (DOI)
    by Anita K. Jones.
    In SIGOPS Operating Systems Review 14(3), July 1980. (BibTeX entry)·

• 1981

  • HYDRA/C.mmp An Experimental Computer System
    by William A. Wulf, Roy Levin, and Samuel P. Harbinson.
    McGraw-Hill 1981. (BibTeX entry)·

• 1982

  • The Architecture of the Burroughs B5000: 20 Years Later and Still Ahead of the Times? (DOI)
    by Alastair J. W. Mayer.
    In SIGARCH Comput. Archit. News 10(4), June 1982, pages 3-10. (BibTeX entry)·

• 1984

  • Capability-Based Computer Systems (website)
    by Henry M. Levy.
    Digital Press 1984. (BibTeX entry)·

    Levy reviews systems up through the mid-1980s, including the Cambridge CAP, HYDRA, StarOS, IBM's System/38, and Intel's iAPX 432. The book is out of print but the website hosts PDF copies of each chapter.

  • On the inability of an unmodified capability machine to enforce the *-property (HTML) (Cached: HTML)
    by W Boebert.
    In the Proceedings of the 7th DOD/NBS Computer Security Conference, September 1984. (BibTeX entry)·

• 1986

  • Security in KeyKOS
    by S.A. Rajunas, N. Hardy, A.C. Bomberger, W.S. Frantz, and C.R. Landau.
    In the Proceedings of the 1986 IEEE Sympsium on Security and Privacy, April 1986. (BibTeX entry)·

  • The Specification of Resource Allocation for a Concurrent Program
    by Anita K. Jones and Karsten Schwan.
    In the , May 1986. (BibTeX entry)·

• 1987

  • Discussion: The Burroughs B 5000 in Retrospect (DOI)
    by R. S. Barton, H. Berce, G. A. Collins, B. A. Creech, D. M. Dahm, B. A. Dent, V. J. Ford, B. A. Galler, J. E. S. Hale, E. A. Hauck, J. T. Hootman, P. D. King, N. L. Kreuder, W. R. Lonergan, D. MacDonald, F. B. MacKenzie, C. Oliphint, R. Pearson, R. F. Rosin, L. D. Turner, and R. Waychoff.
    In Annals of the History of Computing 9(1), January 1987, pages 37-92. (BibTeX entry)·

• 1988

  • Improving Security and Performance for Capability Systems (PDF) (Cached: PDF)
    by Paul Ashley Karger.
    Technical Report, October 1988. (BibTeX entry)·

  • The Confused Deputy (or why capabilities might have been invented)
    by Norman Hardy.
    In ACM SIGOPS Operating Systems Review 22(4), October 1988. (BibTeX entry)·

• 1994

  • Hardware Support for Fast Capability-based Addressing (PDF, DOI) (Cached: PDF)
    by Nicholas P. Carter, Stephen W. Keckler, and William J. Dally.
    In SIGPLAN Not 29(11), November 1994, pages 319-327. (BibTeX entry)·

• 1999

  • EROS: A Fast Capability System (DOI)
    by Jonathan S. Shapiro, Jonathan M. Smith, and David J. Farber.
    In the Proceedings of the Seventeenth ACM Symposium on Operating Systems Principles, New York, NY, USA, 1999, pages 170-185. (BibTeX entry)·

• 2002

  • EROS: A Principle-Driven Operating System from the Ground Up
    by J.S. Shapiro and N. Hardy.
    In IEEE Software 19(1), January 2002, pages 26-33. (BibTeX entry)·

• 2003

  • Capability Myths Demolished (PDF) (Cached: PDF)
    by Mark S Miller, Ka-Ping Yee, and Jonathan Shapiro.
    Johns Hopkins University technical report , 2003. (BibTeX entry)·

  • Paradigm Regained: Abstraction Mechanisms for Access Control (website, PDF) (Cached: PDF)
    by Mark S. Miller and Jonathan S. Shapiro.
    In the Proceedings of Advances in Computing Science – ASIAN 2003, Berlin, Heidelberg, 2003, pages 224-242. (BibTeX entry)·

• 2004

  • Towards a verified, general-purpose operating system kernel (PDF) (Cached: PDF)
    by Jonathan Shapiro, Michael Scott Doerrie, Eric Northup, and Mark Miller.
    In the Proceedings of the NICTA Invitational Workshop on Operating System Verification, 2004, pages 1-19. (BibTeX entry)·

• 2007

  • Coyotos Microkernel Specification (HTML) (Cached: HTML)
    by Jonathan S. Shapiro and Jonathan W. Adams.
    Johns Hopkins University technical report , September 2007. (BibTeX entry)·

• 2010

  • Class properties for security review in an object-capability subset of Java (DOI)
    by Adrian Mettler and David Wagner.
    In the Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security '10, Toronto, Canada, 2010, pages 1-7. (BibTeX entry)·

  • Capsicum: Practical capabilities for Unix
    by Robert N.~M. Watson, J. Anderson, B. Laurie, and K. Kennaway.
    In the Proceedings of the 19th USENIX Security Symposium, August 2010. (BibTeX entry)·

  • Capabilities Revisited: A Holistic Approach to Bottom-to-Top Assurance of Trustworthy Systems (PDF) (Cached: PDF)
    by Peter G. Neumann and Robert N. M. Watson.
    In the Proceedings of the Fourth Layered Assurance Workshop, Austin, Texas, December 2010. (BibTeX entry)·

• 2013

  • The Need for Capability Policies (DOI)
    by Sophia Drossopoulou and James Noble.
    In the Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs, New York, NY, USA, 2013, pages 6:1-6:7. (BibTeX entry)·

• 2014

  • Beyond the PDP-11: Architectural support for a memory-safe C abstract machine (PDF) (Cached: PDF)
    by David Chisnall, Colin Rothwell, Brooks Davis, Robert Watson, Jonathan Woodruff, Simon Moore, Peter G. Neumann, and Michael Roe.
    In the Proceedings of the Fifteenth Edition of ASPLOS on Architectural Support for Programming Languages and Operating Systems, Istanbul, Turkey, 2014. (BibTeX entry)·

• 2015

  • Confidence in Confinement: An Axiom-free, Mechanized Verification of Confinement in Capability-based Systems (PDF) (Cached: PDF)
    by M. Scott Doerrie.
    Ph.D. thesis, 2015. (BibTeX entry)·

• 2016

  • Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 5) (PDF) (Cached: PDF)
    by Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, and Hongyan Xia.
    University of Cambridge, Computer Laboratory technical report UCAM-CL-TR-891, June 2016. (BibTeX entry)·

• 2017

  • Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 6) (PDF) (Cached: PDF)
    by Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, John Baldwin, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, and Hongyan Xia.
    University of Cambridge, Computer Laboratory technical report UCAM-CL-TR-907, April 2017. (BibTeX entry)·

• 2018

  • Balancing Disruption and Deployability in the CHERI Instruction-Set Architecture (ISA) (PDF) (Cached: PDF)
    by Robert N. M. Watson, Peter G Neumann, and Simon W. Moore.
    In the New Solutions for Cybersecurity, 2018. (BibTeX entry)·

  • Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 7) (PDF) (Cached: PDF)
    by Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Hesham Almatary, Jonathan Anderson, John Baldwin, David Chisnall, Brooks Davis, Nathaniel Wesley Filardo, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Kyndylan Nienhuis, Robert Norton, Alex Richardson, Peter Rugg, Peter Sewell, Stacey Son, and Hongyan Xia.
    University of Cambridge, Computer Laboratory technical report UCAM-CL-TR-927, October 2018. (BibTeX entry)·

• 2019

  • CHERI Concentrate: Practical Compressed Capabilities (DOI)
    by Jonathan Woodruff, Alexandre Joannou, Hongyan Xia, Anthony Fox, Robert Norton, Thomas Bauereiss, David Chisnall, Brooks Davis, Khilan Gudka, Nathaniel W. Filardo, A. Theodore Markettos, Michael Roe, Peter G. Neumann, Robert N. M. Watson, and Simon W. Moore.
    In IEEE Transactions on Computers, 2019. (BibTeX entry)·

  • StkTokens: Enforcing Well-bracketed Control Flow and Stack Encapsulation using Linear Capabilities
    by Lau Skorstengaard, Dominique Devriese, and Lars Birkedal.
    In Proc. ACM Programming Languages 3(POPL), January 2019. (BibTeX entry)·

  • CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment (PDF) (Cached: PDF)
    by Brooks Davis, Robert N. M. Watson, Alexander Richardson, Peter Neumann, Simon Moore, John Baldwin, David Chisnall, Jessica Clarke, Nathaniel Wesley Filardo, Khilan Gudka, Alexandre Joannou, Ben Laurie, A. Theodore Markettos, Ed Maste, Alfredo Mazzinghi, Edward Tomasz Napierala, Robert Norton, Michael Roe, Peter Sewell, Stacey Son, and Jonathan Woodruff.
    In the Proceedings of the 24nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2019), April 2019. (BibTeX entry)·

  • SemperOS: A Distributed Capability System (PDF) (Cached: PDF)
    by Matthias Hille, Nils Asmussen, Pramod Bhatotia, and Hermann Härtig.
    In the Proceedings of 2019 USENIX Annual Technical Conference (USENIX ATC 19), Renton, WA, July 2019, pages 709-722. (BibTeX entry)·