Description
CHERI is a processor architecture protection model enabling fine-grained C/C++ memory protection and scalable software compartmentalization. CHERI hybridizes conventional processor, instruction-set, and software designs with an architectural capability model. Originating in DARPA’s CRASH research program in 2010, the work has progressed from FPGA prototypes to the recently released Arm Morello prototype processor and SoC implementing CHERI principles, Microsoft’s CHERIoT microcontroller, and multiple commercial products shipping from 2025 onwards. This talk will introduce the design principles of CHERI, explain how software works on the platform, and explore the large-scale evaluation case studies based on tens of millions of lines of open-source code. It will conclude by exploring future research directions as well as in-progress transition into industrial use.