Brussels / 4 & 5 February 2023


Hardening Kernel Subsystems by Architectural Capabilities

Capabilities are tokens of authority that are unforgeable and delegable. The Morello architecture extends the Armv8.2-A profile with features that implement CHERI capabilities and the CHERI protection model. It implements 129-bit CHERI capabilities with compressed bounds, which provide a compromise between memory consumption and bounds precision. The Morello architecture also inherits the rules for architectural features and extensions from Armv8.2-A. Work is ongoing on Linux kernel support for its fine-grained memory protection and scalable compartmentalization features.
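As an added illustration (not code from the talk, the Linux kernel or the Morello project), the following Python model shows the two properties the abstract names: monotonic delegation, where a derived capability can only shrink, and compressed bounds that trade precision for memory. The 14-bit mantissa and the round-outward rule are simplifying assumptions for teaching purposes, not Morello's actual bounds encoding.

```python
from dataclasses import dataclass

# Assumption: an illustrative 14-bit mantissa, not Morello's real bounds encoding.
MANTISSA_BITS = 14


@dataclass(frozen=True)
class Capability:
    """Software model of a capability: bounds plus permissions (tag bit implied)."""
    base: int
    top: int            # exclusive upper bound
    perms: frozenset


def compress_bounds(base, length, mantissa_bits=MANTISSA_BITS):
    """Round [base, base+length) outward to what the compressed encoding can hold.

    Bounds are stored as mantissa_bits-wide values scaled by 2**e, so small
    regions are exact (e == 0) while large ones lose low-order precision.
    Returns (rep_base, rep_top, e).
    """
    e = 0
    while True:
        align = 1 << e
        rep_base = base - base % align                    # round base down
        rep_top = -(-(base + length) // align) * align    # round top up
        if (rep_top - rep_base) >> e < (1 << mantissa_bits):
            return rep_base, rep_top, e
        e += 1


def derive(cap, new_base, new_length, perms=None):
    """Delegation is monotonic: a derived capability may only shrink bounds or drop permissions."""
    perms = cap.perms if perms is None else frozenset(perms)
    rep_base, rep_top, _ = compress_bounds(new_base, new_length)
    if rep_base < cap.base or rep_top > cap.top or not perms <= cap.perms:
        raise PermissionError("derivation would widen the capability")
    return Capability(rep_base, rep_top, perms)


def check_access(cap, addr, size, perm):
    """The check the hardware performs on every dereference through the capability."""
    return perm in cap.perms and cap.base <= addr and addr + size <= cap.top


def padding_cost(base, length):
    """Bytes an allocator must reserve beyond the request so that rounded-out
    bounds cannot reach a neighbouring object: the memory side of the trade-off."""
    rep_base, rep_top, _ = compress_bounds(base, length)
    return (rep_top - rep_base) - length
```

A 64-byte object gets exact bounds, while a 1 MiB object at an unaligned base is rounded out by 128 bytes, which is the padding a capability-aware allocator has to pay for large allocations.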

This talk discusses how Morello hardware features introduce new opportunities for designing kernel abstractions that achieve intra-kernel privilege separation and sandboxing. We further explain our ongoing work on hardening the kernel's security-sensitive subsystems and some of the challenges of achieving proper security across the different abstraction layers of a monolithic kernel. We hope this talk opens essential discussions with the Linux kernel community on improving hardware-assisted hardening mechanisms within the kernel.


Zahra Tarkhani