The CHERI CPU
RISC in the age of risk
- Track: Security
- Room: K.1.105 (La Fontaine)
- Day: Sunday
- Start: 10:00
- End: 10:50
The CHERI research CPU extends the 64-bit MIPS ISA with byte-granularity memory protection. CHERI enables language memory model enforcement and fault isolation in hardware rather than software. In contrast to past capability models, CHERI complements, rather than replaces, the ubiquitous page-based protection mechanism, providing a migration path towards deconflating data-structure protection and OS memory management. Furthermore, CHERI adheres to a strict RISC philosophy: it maintains a load-store architecture and requires only single-cycle instructions, and supplies protection primitives to the compiler, language runtime, and operating system.
This talk will present the CHERI softcore and associated software stack and describe how building on open source has enabled full-stack security research.
2014 saw memory safety vulnerabilities such as Heartbleed in the mainstream press on several times, yet modern CPUs provide a memory model that does nothing to prevent them. Modern security-critical applications such as web browsers split themselves into components to minimise the damage done by a compromise, but are forced to do so using hardware mechanisms (the MMU) designed to protect small numbers of programs from each other and which don't scale to the hundreds or thousands of components that modern software demands.
The CHERI research CPU was created to attempt to apply the RISC philosophy to addressing these problems: To provide a simple hardware primitive that could be used to enforce everything from object-granularity memory protection to library-granularity sandboxing, with the policy under the control of software. The resulting design has undergone several significant revisions and is the focus of ongoing research on OS and programming language security policies.
Our software stack uses a modified FreeBSD and LLVM/Clang, co-designed along with the CPU. This allows us to evaluate real programs, running at a useable (if not spectacular) speed.
Speakers
David Chisnall |