Refinement

Reference 1

From CheriABI, CL-TR-932, ch. 4.4

Stack capabilities: compiler-generated code narrows the bounds of any capability taken to a stack variable (for example &buf) to that variable's extent, so a write that runs past the end of a stack buffer faults instead of reaching the saved return address or other data in the frame. This stops the classic stack-based buffer overflow. The bounds are per variable, so an overflow from one field into another inside a single struct is not caught by this mechanism.

Heap capabilities: malloc() is modified to return a capability whose bounds cover exactly the requested allocation, with no overlap between heap objects, so an overflow of one heap object cannot reach its neighbour. Because compressed 128-bit capabilities can only represent bounds at a precision that falls with object size, the allocator also pads and aligns larger allocations so that the bounds stay exactly representable. Any other allocator in use (a custom pool or arena allocator, a language runtime's own heap) must be modified in the same way; otherwise the objects it hands out keep only the bounds of the larger region they were carved from.

Global capabilities: capabilities for global variables (such as const char* string constants) are set up at program start-up by the run-time linker, which derives each one with bounds matching the global it refers to. Statically linked binaries have no run-time linker, so the same initialization code is embedded into the binary as part of the C start-up code.
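The three paragraphs above describe one mechanism applied in three places: a capability is derived from a wider one with its bounds narrowed to one object, and every access through it is checked. The following is an added example, not code from the CheriABI report or the CHERI project: a software model in plain C, written for this note, of that bounds narrowing and checking. The cap_t type, cap_setbounds, cap_store, cap_malloc and the static arena are constructed stand-ins for the hardware capability, the compiler's narrowing of &stack_var, and CheriABI's modified malloc(); the model runs on an ordinary machine, so the trap a real CHERI core would raise is represented by a refused store.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Software model of a CHERI capability, constructed for this note (not CHERI
 * hardware or CheriABI code). A real capability is a tagged 128-bit register
 * value whose bounds the CPU checks on every access; here the check is explicit. */
typedef struct {
    uint8_t *cursor;   /* address currently pointed at */
    uint8_t *base;     /* lowest accessible address */
    size_t   length;   /* accessible bytes from base */
} cap_t;

/* Narrow a capability to [base+offset, base+offset+length). Capabilities are
 * monotonic: a derived one can only shrink, so widening is refused. The compiler
 * emits this for &stack_var, malloc() per heap object, the run-time linker per global. */
static int cap_setbounds(cap_t parent, size_t offset, size_t length, cap_t *out)
{
    if (offset > parent.length || length > parent.length - offset)
        return 0;
    out->base = parent.base + offset;
    out->length = length;
    out->cursor = out->base;
    return 1;
}

/* The bounds check the hardware applies to an access of n bytes. */
static int cap_in_bounds(const cap_t *c, size_t n)
{
    if (c->cursor < c->base || n > c->length) return 0;
    return (size_t)(c->cursor - c->base) <= c->length - n;
}

/* Checked store. On CHERI an out-of-bounds access traps (SIGPROT under
 * CheriABI); the model returns 0 and writes nothing. */
static int cap_store(cap_t *c, const void *src, size_t n)
{
    if (!cap_in_bounds(c, n)) return 0;
    memcpy(c->cursor, src, n);
    return 1;
}

/* Model stack frame: a buffer followed by the saved return address. */
struct frame { uint8_t buf[16]; uintptr_t ret; };

/* Copy payload_len bytes of 'A' into f.buf through a capability narrowed to buf
 * (bounded=1) or one still spanning the whole frame (bounded=0), which is what a
 * conventional pointer amounts to. Returns 1 if the saved return address survived. */
int return_address_survives(size_t payload_len, int bounded)
{
    struct frame f;
    uint8_t payload[sizeof f];   /* clamp keeps the unbounded case inside the frame */
    cap_t frame_cap = { (uint8_t *)&f, (uint8_t *)&f, sizeof f };
    cap_t buf_cap = frame_cap;
    memset(&f, 0, sizeof f);
    f.ret = 0xdeadbeefu;
    memset(payload, 'A', sizeof payload);
    if (payload_len > sizeof payload) payload_len = sizeof payload;
    if (bounded)
        cap_setbounds(frame_cap, offsetof(struct frame, buf), sizeof f.buf, &buf_cap);
    cap_store(&buf_cap, payload, payload_len);
    return f.ret == 0xdeadbeefu;
}

/* Model heap: a bump allocator over a static arena handing out non-overlapping
 * capabilities, each bounded to its own object, as the modified malloc() does. Real
 * allocators pad larger objects so compressed bounds stay representable; 16-byte
 * rounding stands in for that. */
static uint8_t arena[256];
static size_t arena_used;

static int cap_malloc(size_t n, cap_t *out)
{
    cap_t heap_cap = { arena, arena, sizeof arena };
    if (!cap_setbounds(heap_cap, arena_used, n, out)) return 0;
    arena_used += (n + 15) & ~(size_t)15;
    return 1;
}

/* Two adjacent heap objects: a one-byte write just past the end of the first
 * is refused, so it cannot reach the second. Returns 1 if isolation held. */
int heap_overflow_is_stopped(void)
{
    cap_t a, b;
    uint8_t x = 'A';
    if (!cap_malloc(16, &a) || !cap_malloc(16, &b)) return 0;
    memset(b.base, 0, b.length);
    a.cursor = a.base + a.length;   /* one past the end of a, i.e. b's first byte */
    return !cap_store(&a, &x, 1) && b.base[0] == 0 && a.base + a.length <= b.base;
}

int main(void)
{
    printf("bounded 20-byte write keeps ret:   %d\n", return_address_survives(20, 1));
    printf("unbounded 20-byte write keeps ret: %d\n", return_address_survives(20, 0));
    printf("heap neighbour isolated:           %d\n", heap_overflow_is_stopped());
    return 0;
}
```

The interesting comparison is the two return_address_survives calls: the same 20-byte copy corrupts the saved return address through the frame-wide capability and is refused outright through the narrowed one. The global case uses the same cap_setbounds step, applied once per global at start-up rather than per allocation or per address-taken variable.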

  1. CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment, UCAM-CL-TR-932. ↩
Created May 27, 2020 // Last Updated May 27, 2020
