About hardware memory maps, capability indirection, etc.

Capabilities and Address Spaces
Virtual Snapshots
Revocation of Memory in Keykos
Protecting Capabilities
Buddy Caps
Indirect Segments
Large Addresses

An important idea that does not seem to fit anywhere is that all of the indirection techniques seemingly required to support selectively revokable access to memory, most bottom out in conventional (2010) hardware memory maps. Buddy caps (see above) are neat and clean but are not revokable.

Perhaps a memory map between cache levels might be a good engineering compromise between real and virtual caches. The cache private to a CPU would be tagged by virtual address but lower slower caches would be tagged by real addresses and thus shared between logical address spaces as well as processors. When access to a segment is severed the memory map is promptly modified and perhaps the local cache is purged, at least of the mapped segment. If it is not purged then no new secrets will be available to programs using that memory. No new modifications made by those programs will affect the revoked segment. Not purging the cache would often delay notification of the accessing program that it had lost access. It is not immediately clear to me where this would be a problem.