Description
CHERI is a processor architecture protection model enabling fine-grained C/C++ memory protection and scalable software compartmentalization. CHERI hybridizes conventional processor, instruction-set, and software designs with an architectural capability model. Originating in DARPA’s CRASH research program in 2010, the work has progressed from FPGA prototypes to the recently released Arm Morello prototype processor and SoC implementing CHERI principles, Microsoft’s CHERIoT microcontroller, and multiple commercial products shipping from 2025 onwards. This talk will introduce the design principles of CHERI, explain how software works on the platform, and explore the large-scale evaluation case studies based on tens of millions of lines of open-source code. It will conclude by exploring future research directions as well as in-progress transition into industrial use.
Prochains exposés
-
The Design and Implementation of a Virtual Firmware Monitor
Orateur : Charly Castes - EPFL
Low level software is often granted high privilege, yet this need not be the case. Although vendor firmware plays a critical role in the operation and management of the machine, most of its functionality does not require unfettered access to security critical software and data. In this paper we demonstrate that vendor firmware can be safely and efficiently deprivileged, decoupling its[…]-
SoSysec
-
Compartmentalization
-
Operating system and virtualization
-