The limitations of existing CAPSTONE capabilities in the normal world:
- A capability can only point into secure memory, so it provides no memory protection for normal memory at all.
- Since the OS and normal-world applications are in the same domain, the OS can be treated as trusted in this scenario, so it can provide OS-managed v-capabilities that give CAPSTONE-capability-like traits over virtual addresses.
Key traits for CAPSTONE v-capabilities:
- Linearity
- Revocation
- Software-defined by the privileged software in the normal world
- Transparent to the secure world
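To make the first three traits concrete, here is a toy model of an OS-managed v-capability table. It is an added illustration, not code from the CAPSTONE project; the names (vcap_t, vcap_move, vcap_revoke, ...), the handle-indexed table and the permission bits are assumptions for the example. Linearity is modelled as a move that mints a fresh handle and kills the source, revocation as transitively invalidating every capability derived from the revoked one, and "software-defined" as the OS doing every check in kernel-private state keyed by virtual address rather than secure-memory physical address.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical v-capability layout for illustration only;
 * not Capstone's real capability encoding. */
#define VCAP_MAX   64
#define VCAP_READ  0x1
#define VCAP_WRITE 0x2

typedef struct {
    bool      valid;   /* cleared on move (linearity) or revoke */
    uintptr_t base;    /* virtual address managed by the OS */
    size_t    len;
    uint8_t   perms;   /* VCAP_READ | VCAP_WRITE */
    int       parent;  /* handle this was derived from, -1 for a root */
} vcap_t;

/* Kernel-private table: user code only ever holds integer handles. */
static vcap_t vcap_table[VCAP_MAX];
static int    vcap_next;

/* Slots are never reused here, so a stale handle can never alias a newer
 * capability; a real implementation would tag handles with a generation. */
static int vcap_alloc(void)
{
    return vcap_next < VCAP_MAX ? vcap_next++ : -1;
}

static bool vcap_live(int h)
{
    return h >= 0 && h < VCAP_MAX && vcap_table[h].valid;
}

/* Root capability minted by the OS, e.g. when it maps a region for a process. */
int vcap_create(uintptr_t base, size_t len, uint8_t perms)
{
    int h = vcap_alloc();
    if (h < 0) return -1;
    vcap_table[h] = (vcap_t){ true, base, len, perms, -1 };
    return h;
}

/* Derive a sub-capability: bounds and permissions may only shrink. */
int vcap_derive(int parent, size_t off, size_t len, uint8_t perms)
{
    if (!vcap_live(parent)) return -1;
    const vcap_t *p = &vcap_table[parent];
    if (off > p->len || len > p->len - off) return -1;  /* out of bounds */
    if (perms & ~p->perms) return -1;                   /* would escalate */
    int h = vcap_alloc();
    if (h < 0) return -1;
    vcap_table[h] = (vcap_t){ true, p->base + off, len, perms, parent };
    return h;
}

/* Linearity: a move yields a fresh handle and kills the source, so at most one
 * live handle names the region. Children are re-parented so a later revoke of
 * the moved capability still reaches them. */
int vcap_move(int src)
{
    if (!vcap_live(src)) return -1;
    int dst = vcap_alloc();
    if (dst < 0) return -1;
    vcap_table[dst] = vcap_table[src];
    vcap_table[src].valid = false;
    for (int i = 0; i < VCAP_MAX; i++)
        if (vcap_table[i].valid && vcap_table[i].parent == src)
            vcap_table[i].parent = dst;
    return dst;
}

/* Revocation: invalidate h and, transitively, everything derived from it. */
void vcap_revoke(int h)
{
    if (!vcap_live(h)) return;
    vcap_table[h].valid = false;
    for (int i = 0; i < VCAP_MAX; i++)
        if (vcap_table[i].valid && vcap_table[i].parent == h)
            vcap_revoke(i);
}

/* Access check the OS performs on the holder's behalf, e.g. in a syscall path. */
bool vcap_check(int h, uintptr_t addr, size_t len, uint8_t need)
{
    if (!vcap_live(h)) return false;
    const vcap_t *c = &vcap_table[h];
    if (need & ~c->perms) return false;
    if (addr < c->base) return false;
    size_t off = addr - c->base;
    return off <= c->len && len <= c->len - off;
}

/* Exercises the traits on constructed values; returns how many of the
 * eight expectations held. */
int vcap_scenario(void)
{
    int ok = 0;
    int root  = vcap_create(0x10000000, 4096, VCAP_READ | VCAP_WRITE);
    int child = vcap_derive(root, 256, 512, VCAP_READ);
    ok += (root >= 0 && child >= 0);
    ok += vcap_check(child, 0x10000100, 16, VCAP_READ);         /* in bounds, allowed */
    ok += !vcap_check(child, 0x10000100, 16, VCAP_WRITE);       /* child is read-only */
    ok += !vcap_check(child, 0x10000100 + 500, 16, VCAP_READ);  /* runs past the end */
    ok += (vcap_derive(child, 0, 512, VCAP_WRITE) == -1);       /* cannot regain write */
    int moved = vcap_move(root);
    ok += (moved >= 0 && !vcap_check(root, 0x10000000, 1, VCAP_READ)); /* source dead */
    ok += vcap_check(moved, 0x10000000, 4096, VCAP_WRITE);      /* destination live */
    vcap_revoke(moved);                                         /* reaches the child too */
    ok += (!vcap_check(moved, 0x10000000, 1, VCAP_READ) &&
           !vcap_check(child, 0x10000100, 1, VCAP_READ));
    return ok;
}

int main(void)
{
    printf("%d/8 v-capability expectations held\n", vcap_scenario());
    return 0;
}
```

The fourth trait, transparency to the secure world, follows from the layout: everything above lives in normal-world OS state and touches only virtual addresses, so the secure world's CAPSTONE capabilities over secure memory are neither consulted nor changed.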