STIMSMITH

Capability

Concept

In the context of capability machines such as CHERI, a capability is an unforgeable architectural token that extends a conventional C/C++ pointer with metadata describing the bounds, permissions, and identity of the memory region it authorizes. Capabilities provide fine-grained memory protection and scalable software compartmentalization at the hardware level, replacing or augmenting coarse page-based MMU enforcement.

First seen 6/11/2026
Last seen 6/11/2026
Evidence 7 chunks
Wiki v1

WIKI

Definition

A capability is an architectural primitive used in capability machines such as CHERI. It is defined as an extension of a conventional C or C++ pointer that carries additional metadata describing the bounds and permissions of the memory region the pointer is allowed to access. Conceptually, a capability is an unforgeable token of authority granting the holder the ability to perform specific actions on a designated memory region.
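The following is an added example, not code from the cited paper or from any CHERI implementation: a small C model of the rules in the definition above, so that bounds, permissions, the tag bit and monotonic derivation (capabilities can only be derived from existing ones and only become more restrictive, as citation [2] states) can be exercised on a toy 64-byte address space. The field names, the permission bits, the function names and the memory size are assumptions chosen for illustration; the real CHERI encoding and instruction set differ.

```c
#include <stdbool.h>
#include <stdint.h>

/* Toy software model of CHERI-style capability semantics (added example).
 * Field names, permission bits and the 64-byte address space are
 * assumptions for illustration, not the real CHERI encoding. */
enum { PERM_LOAD = 1u << 0, PERM_STORE = 1u << 1, PERM_EXEC = 1u << 2 };
#define PERM_ALL (PERM_LOAD | PERM_STORE | PERM_EXEC)
#define MEM_SIZE 64u

typedef struct {
    bool     tag;     /* validity bit: set only on legally derived capabilities */
    uint64_t base;    /* lowest address the capability authorises */
    uint64_t top;     /* one past the highest authorised address */
    uint64_t cursor;  /* the ordinary pointer value */
    uint32_t perms;   /* what the holder may do within [base, top) */
} cap_t;

static uint8_t mem[MEM_SIZE];  /* constructed toy address space */

/* Infinite/default capability: whole address space, every permission. */
cap_t cap_root(void) {
    cap_t c = { true, 0, MEM_SIZE, 0, PERM_ALL };
    return c;
}

/* Monotonicity: bounds may only shrink. Widening, or deriving from an
 * untagged value, yields an untagged result that no access will accept. */
cap_t cap_setbounds(cap_t c, uint64_t new_base, uint64_t len) {
    if (!c.tag || new_base < c.base || new_base > c.top || len > c.top - new_base) {
        c.tag = false;
        return c;
    }
    c.base = new_base;
    c.top = new_base + len;
    c.cursor = new_base;
    return c;
}

/* Permissions can be cleared, never added. */
cap_t cap_andperm(cap_t c, uint32_t mask) { c.perms &= mask; return c; }

/* Pointer arithmetic moves only the cursor; bounds and permissions stay. */
cap_t cap_offset(cap_t c, int64_t off) { c.cursor += (uint64_t)off; return c; }

/* The check applied on every access: tag, permission, then bounds. */
bool cap_check(cap_t c, uint32_t need, uint64_t size) {
    if (!c.tag || (c.perms & need) != need) return false;
    if (c.cursor < c.base || c.cursor > c.top) return false;
    return size <= c.top - c.cursor;
}

/* Byte access through a capability: 0 on success, -1 on a capability fault. */
int cap_store8(cap_t c, uint8_t v) {
    if (!cap_check(c, PERM_STORE, 1)) return -1;
    mem[c.cursor] = v;
    return 0;
}
int cap_load8(cap_t c, uint8_t *out) {
    if (!cap_check(c, PERM_LOAD, 1)) return -1;
    *out = mem[c.cursor];
    return 0;
}

/* Worked scenario: an 8-byte buffer at address 16. Each bit of the result
 * records one attempted violation the capability rules stopped; 63 means
 * all were caught and the legitimate reads still worked. */
unsigned demo(void) {
    unsigned caught = 0;
    uint8_t v = 0, sum = 0;
    cap_t buf = cap_setbounds(cap_root(), 16, 8);        /* authorises [16, 24) */
    for (int i = 0; i < 8; i++)
        cap_store8(cap_offset(buf, i), (uint8_t)i);      /* in-bounds writes succeed */
    if (cap_store8(cap_offset(buf, 8), 0xFF) == -1)      /* 1: off-by-one overflow */
        caught |= 1u;
    if (mem[24] == 0)                                    /* 2: neighbour untouched */
        caught |= 2u;
    if (!cap_setbounds(buf, 16, 16).tag)                 /* 3: widening refused */
        caught |= 4u;
    cap_t ro = cap_andperm(buf, PERM_LOAD);              /* read-only view of buf */
    if (cap_store8(ro, 0) == -1)                         /* 4: store via read-only cap */
        caught |= 8u;
    cap_t forged = ro;                                   /* attacker rewrites the words... */
    forged.tag = false;                                  /* ...but cannot set the tag */
    forged.perms = PERM_ALL;
    if (cap_load8(forged, &v) == -1)                     /* 5: untagged value is inert */
        caught |= 16u;
    for (int i = 0; i < 8; i++)                          /* legitimate reads through ro */
        if (cap_load8(cap_offset(ro, i), &v) == 0) sum += v;
    if (sum == 28)                                       /* 6: 0+1+...+7 */
        caught |= 32u;
    return caught;
}
```

The design choice worth noting is that cap_setbounds never reports an error: as in CHERI, an illegal derivation simply produces a value without a tag, and it is the access check in cap_check that faults. That is what makes the token unforgeable from the holder's point of view; the holder can rewrite every field it can see, but only a legal derivation from a tagged parent yields a tagged result.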

Key Properties



RELATIONSHIPS

1 connection
CHERI-RISC-V VP++ implements CHERI capabilities.

CITATIONS

12 citations
[1] A capability is an extension of a conventional C or C++ pointer, with additional metadata that describes the bounds and permissions of the memory region that the pointer can access, serving as an unforgeable token of authority. CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[2] Capabilities are unforgeable and can only be derived from existing capabilities; CHERI's strict application of monotonicity implies that derived capabilities can only become more restrictive than their parent, never more permissive. CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[3] CHERI uses capabilities to enforce isolation and decouples virtualization from separation, avoiding the scalability problems imposed by MMU-based designs that associate each protection domain with a separate page table and TLB entries. CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[4] CHERI's two core design principles are the principle of least privilege and the principle of intentional use. CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[5] The encoded (in-memory) capability format is exactly CLEN = 2 × XLEN bits, excludes the Tag bit (which is stored out-of-band), and is used for memory storage; the in-register representation is a partially decompressed encoding that includes the Tag bit and is used for fast capability manipulation. CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[6] Capabilities are stored in memory using a Null-Capability XOR mask, so that a memory region reset to zero contains only Null Capabilities. CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[7] The Null Capability has Tag=0, base=0, top=2^64−1, all permissions cleared, and object type 0x3FFFF; its in-memory representation is the all-zero word. CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[8] The Infinite (Default) Capability has Tag=1, spans the entire address space, and has all permissions set; it is used as the default value for special capabilities such as the Program Counter Capability (PCC). CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[9] In addition to capabilities, CHERI introduces a Compartment Identifier (CID) to tag microarchitectural state so that sensitive prediction data is not shared across software compartments, reducing side-channel attack risk. CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[10] In capability machines every word has an associated tag bit that indicates whether the value it contains is a capability or a regular data value. CHERI-RISC-V VP++: A Virtual Prototyping Platform Enabling Fine-Grained Capability-Based Security
[11] Uninitialized Capabilities introduce a new capability type that grants the authority to read and write a block of memory but not to view its initial contents, intended for use in secure calling conventions. Uninitialized Capabilities
[12] Zeno is a scalable capability-based architecture that uses a namespace-based capability model to support globally shareable capabilities across multiple nodes in a datacenter-scale system. Zeno: A Scalable Capability-Based Secure Architecture
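Citations [5], [6], [7] and [10] describe how a capability lives in memory: a CLEN = 2 × XLEN bit word, a tag bit kept out of band, and a Null-Capability XOR mask chosen so that zeroed memory decodes to Null Capabilities. The following is an added example, not code from the CHERI-RISC-V VP++ paper or any CHERI implementation: a toy encoder/decoder that makes those three properties concrete. The field widths (a 64-bit address word plus a 64-bit metadata word packed as 6 perm bits, an 18-bit object type and two 20-bit bound fields), the slot layout and the function names are assumptions; the real compressed CHERI format is different.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Toy in-memory capability encoding (added example). Field widths are an
 * assumption chosen to fit CLEN = 2 x XLEN = 128 bits; the real CHERI
 * compressed format differs. The tag is stored out of band in tags[]. */
#define XLEN       64
#define CLEN_BYTES (2 * XLEN / 8)   /* 16 bytes per capability slot */
#define NSLOTS     8

typedef struct {
    bool     tag;
    uint64_t address;  /* cursor word, stored as-is */
    uint32_t base;     /* 20-bit field (assumption) */
    uint32_t top;      /* 20-bit field (assumption) */
    uint32_t otype;    /* 18-bit object type */
    uint32_t perms;    /* 6-bit permission set (assumption) */
} cap_t;

/* Metadata word layout: [perms:6][otype:18][base:20][top:20]. */
static uint64_t pack_meta(const cap_t *c) {
    return ((uint64_t)(c->perms & 0x3F) << 58) |
           ((uint64_t)(c->otype & 0x3FFFF) << 40) |
           ((uint64_t)(c->base & 0xFFFFF) << 20) |
           (uint64_t)(c->top & 0xFFFFF);
}
static cap_t unpack(uint64_t addr, uint64_t meta, bool tag) {
    cap_t c;
    c.tag = tag;
    c.address = addr;
    c.perms = (uint32_t)(meta >> 58) & 0x3F;
    c.otype = (uint32_t)(meta >> 40) & 0x3FFFF;
    c.base  = (uint32_t)(meta >> 20) & 0xFFFFF;
    c.top   = (uint32_t)meta & 0xFFFFF;
    return c;
}

/* Null Capability per citation [7], with top scaled to this toy field width:
 * tag 0, base 0, top = max, no permissions, otype 0x3FFFF. */
cap_t cap_null(void) {
    cap_t c = { false, 0, 0, 0xFFFFF, 0x3FFFF, 0 };
    return c;
}

/* The XOR mask is the packed null metadata, so the all-zero word decodes
 * to the Null Capability (citation [6]). */
static uint64_t null_mask(void) { cap_t n = cap_null(); return pack_meta(&n); }

static uint8_t mem[NSLOTS * CLEN_BYTES];  /* constructed toy memory */
static bool    tags[NSLOTS];              /* one out-of-band tag bit per slot */

void cap_store(unsigned slot, cap_t c) {
    uint64_t w0 = c.address, w1 = pack_meta(&c) ^ null_mask();
    memcpy(&mem[slot * CLEN_BYTES], &w0, 8);
    memcpy(&mem[slot * CLEN_BYTES + 8], &w1, 8);
    tags[slot] = c.tag;
}
cap_t cap_load(unsigned slot) {
    uint64_t w0, w1;
    memcpy(&w0, &mem[slot * CLEN_BYTES], 8);
    memcpy(&w1, &mem[slot * CLEN_BYTES + 8], 8);
    return unpack(w0, w1 ^ null_mask(), tags[slot]);
}
/* A plain data store into any byte of a slot clears that slot's tag: the
 * bytes survive as data, but the word is no longer a capability. */
void data_store8(unsigned addr, uint8_t v) {
    mem[addr] = v;
    tags[addr / CLEN_BYTES] = false;
}

bool cap_eq(cap_t a, cap_t b) {
    return a.tag == b.tag && a.address == b.address && a.base == b.base &&
           a.top == b.top && a.otype == b.otype && a.perms == b.perms;
}

/* Scenario: bit 1 round trip preserves fields and tag; bit 2 zeroed memory
 * reads back as Null; bit 4 a byte overwrite strips the tag; bit 8 the
 * overwritten slot's other bytes are still readable as data. Result: 15. */
unsigned demo(void) {
    unsigned ok = 0;
    cap_t c = { true, 0x1000, 0x100, 0x180, 0x0ABCD, 0x3F };  /* arbitrary toy values */
    cap_store(0, c);
    if (cap_eq(cap_load(0), c)) ok |= 1u;
    memset(mem, 0, sizeof mem);                /* region reset to zero... */
    memset(tags, 0, sizeof tags);              /* ...tags cleared with it */
    if (cap_eq(cap_load(3), cap_null())) ok |= 2u;
    cap_store(1, c);
    data_store8(1 * CLEN_BYTES + 15, 0xFF);    /* e.g. trying to flip a permission bit */
    cap_t t = cap_load(1);
    if (!t.tag) ok |= 4u;
    if (t.address == c.address) ok |= 8u;
    return ok;
}
```

Two points the model makes visible. First, because the mask is applied symmetrically on store and load, a memset(0) of a region needs no capability-aware code to leave well-formed Null Capabilities behind, which is the point of citation [6]. Second, the tag table is what enforces unforgeability in memory: the attacker's byte write in the scenario succeeds as a data write, and the metadata word does change, but the tag for that slot is gone, so whatever the bytes now encode can never be dereferenced.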