Two Paths to Memory Safety: CHERI and OMA
- #hardware-architecture
- #memory-safety
- #cybersecurity
- Cybercrime has caused significant financial losses and even loss of life in the UK, with notable attacks on Marks & Spencer, Co-op, Jaguar Land Rover, Transport for London, and King’s College Hospital.
- 70% of software vulnerabilities stem from memory safety issues, a problem that current CPUs cannot prevent and that traditional software patches address inadequately.
- Two hardware-level solutions to memory safety issues are CHERI (Capability Hardware Enhanced RISC Instructions) and OMA (Object Memory Architecture), each with distinct approaches and benefits.
- CHERI extends conventional instruction set architectures with hardware-enforced capabilities, providing referential and spatial safety but leaving temporal safety to software.
- OMA implements object-based memory management in hardware, offering referential, spatial, and temporal safety, with significant performance improvements for managed languages.
- CHERI is suited for embedded systems and microcontrollers, while OMA targets server-class and application processors, particularly those running managed languages.
- CHERI has strong government backing and an open-source ecosystem, while OMA offers proprietary technology with performance advantages for commercial data centers.
- Both CHERI and OMA provide solutions to memory safety vulnerabilities, with CHERI focusing on compatibility and incremental adoption and OMA emphasizing performance and hardware-enforced safety.
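
The CHERI bullet above, modeled in software as an added example (not code from the article or from the CHERI project): a simplified capability with bounds and a validity tag, where the struct layout and all function names are hypothetical. It shows the two checks made on each dereference and why a stale capability still passes them, which is the temporal gap the summary says is left to software.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified software model of a capability (assumption: real CHERI
   capabilities are compressed and also carry permissions). */
typedef struct {
    uint8_t *base;   /* lowest address the holder may touch */
    size_t   length; /* bytes covered, starting at base */
    int      tag;    /* validity bit; only cap_derive() sets it */
} cap_t;

enum { CAP_OK = 0, CAP_TAG_FAULT = 1, CAP_BOUNDS_FAULT = 2 };

/* Derive a capability for an object: the only way to get tag == 1. */
cap_t cap_derive(uint8_t *obj, size_t len) {
    cap_t c = { obj, len, 1 };
    return c;
}

/* Model of overwriting a capability's bits as plain data: the tag is
   cleared, so the result can no longer be dereferenced. */
cap_t cap_overwrite_as_data(cap_t c, uint8_t *new_base) {
    c.base = new_base;
    c.tag = 0;
    return c;
}

/* Checked store: the tests applied on every dereference in this model. */
int cap_store(cap_t c, size_t off, uint8_t v) {
    if (!c.tag) return CAP_TAG_FAULT;             /* referential safety */
    if (off >= c.length) return CAP_BOUNDS_FAULT; /* spatial safety */
    c.base[off] = v;
    return CAP_OK;
}

/* Constructed scenario: a store through a capability whose object has
   already been released. A static arena stands in for the heap so the
   stale store stays well defined in this model. */
int stale_store_result(void) {
    static uint8_t arena[16];
    cap_t c = cap_derive(arena, 16);
    /* "free": the allocator reclaims arena, but c is not revoked */
    return cap_store(c, 0, 0x41); /* tag and bounds both still pass */
}
```

Neither check in `cap_store` knows whether the object is still live, so catching the stale store requires software to find and invalidate outstanding capabilities when memory is released.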