A hardware architecture for controlling information flow

The foundations of capability schemes are critically examined. The context free utilization of capabilities once acquired is shown to be inconsistent with both least privilege norm and information flow requirements. An enhanced Capability Vector mechanism which pre-confines the set of capabili-ties with which a given capability can be combined is proposed. It is shown that capability vectors dynamically define an information flow structure which is potentially more refined, flexible, and versatile than traditional information classification systems. Based on this property, a Generalized Capability Vector machine which enforces a controlled information flow policy is designed. The proposed machine supports programmable resources which are either statically or dynamically bound to an information class.