CHERI with a Linux on Top
8 hours ago
- #Computer Architecture
- #Memory Safety
- #CHERI
- CHERI (Capability Hardware Enhanced RISC Instructions) is a security-focused computer architecture project aimed at improving system security by extending instruction-set architectures (ISAs) with capabilities.
- Capabilities are unforgeable, hardware-protected pointers: each one carries the bounds of the memory region it references (base and length), the permissions it grants (read, write, execute), and a validity tag that the hardware clears if the capability is tampered with. Because the CPU checks bounds and permissions on every load and store, capabilities give fine-grained memory safety and a building block for compartmentalization.
- CHERI originated from Cambridge University and SRI International, funded by DARPA, and is now supported by the CHERI Alliance, involving both governments and companies.
- The project has evolved through implementations like Arm Morello (2022) and now focuses on RISC-V, with potential extensions for x86.
- CHERI supports two modes of operation: a hybrid mode, in which conventional integer pointers and capabilities coexist in the same program and only selected pointers are protected, and a pure-capability (purecap) mode, in which every pointer is a capability. Hybrid mode eases compatibility with existing code; purecap gives the full protection.
- Linux has been ported to CHERI; recent work targets a purecap kernel (based on 6.16), with the goal of getting it functional first and adding security features such as compartmentalization afterwards.
- CHERI brings memory safety to C and C++ code: out-of-bounds accesses such as buffer overflows trap in hardware instead of silently corrupting neighbouring memory, and fine-grained compartmentalization can confine a compromised third-party library so that a supply-chain attack on one component does not give the attacker the whole process.
- Performance overhead for CHERI is minimal (~5% for CHERI code), with ongoing optimizations to reduce this further.
- Future work includes compartmentalizing kernel modules, supporting BPF in user space, and exploring CHERI for MMU-less systems (small embedded processors without page tables), where capabilities could provide hardware-enforced isolation without an MMU.
- CHERI is seen as complementary to Rust, with potential synergies in memory safety and compartmentalization, though Rust does not address speculative execution vulnerabilities.
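To make the capability checks and the buffer-overflow point above concrete, here is a software model of a CHERI capability written for this page. It is an added illustration, not CHERI hardware and not code from the CHERI project or the Linux port; the `cap_*` names, the `CAP_*` permission bits and the sample buffers are all assumptions of this model. On real CHERI the CPU performs the same tag, permission and bounds checks on every load and store, and a violation raises a capability fault; here `cap_check` returns false instead.

```c
/* Software model of a CHERI capability, added as an illustration. This is not CHERI
 * hardware and not code from the CHERI project or the Linux port: on real CHERI the CPU
 * performs these checks on every load and store, and a violation traps. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { CAP_LOAD = 1, CAP_STORE = 2, CAP_EXEC = 4 };

typedef struct {
    uint8_t *base;   /* start of the region this capability grants access to */
    size_t   length; /* size in bytes of that region */
    size_t   offset; /* cursor relative to base; pointer arithmetic moves only this */
    unsigned perms;  /* bitmask of CAP_* */
    bool     tag;    /* validity tag, cleared by any invalid derivation */
} cap_t;

/* What a CHERI allocator or stack allocation hands back: bounds set to the object. */
static cap_t cap_make(void *buf, size_t len, unsigned perms) {
    cap_t c = { (uint8_t *)buf, len, 0, perms, true };
    return c;
}

/* Monotonic narrowing (CSetBounds): the new region must lie inside the old one;
 * an attempt to widen yields an untagged, unusable capability instead. */
static cap_t cap_setbounds(cap_t c, size_t new_len) {
    if (!c.tag || c.offset > c.length || new_len > c.length - c.offset) {
        c.tag = false;
        return c;
    }
    c.base += c.offset;
    c.length = new_len;
    c.offset = 0;
    return c;
}

/* Permission clearing (CAndPerm): bits can be removed, never added back. */
static cap_t cap_andperms(cap_t c, unsigned mask) { c.perms &= mask; return c; }

/* Pointer arithmetic moves the cursor only; bounds and permissions are untouched.
 * A negative delta that underflows wraps offset to a huge value, which cap_check rejects. */
static cap_t cap_add(cap_t c, ptrdiff_t delta) { c.offset += (size_t)delta; return c; }

/* The per-access check: tag, then permission, then bounds for an n-byte access.
 * Returns false where CHERI hardware would raise a capability fault. */
static bool cap_check(const cap_t *c, size_t n, unsigned perm) {
    if (!c->tag) return false;
    if ((c->perms & perm) != perm) return false;
    if (c->offset > c->length || n > c->length - c->offset) return false;
    return true;
}

static bool cap_store(cap_t c, const void *src, size_t n) {
    if (!cap_check(&c, n, CAP_STORE)) return false;
    memcpy(c.base + c.offset, src, n);
    return true;
}

static bool cap_load(cap_t c, void *dst, size_t n) {
    if (!cap_check(&c, n, CAP_LOAD)) return false;
    memcpy(dst, c.base + c.offset, n);
    return true;
}

/* A classic overflow: 32 bytes written into a 16-byte field that sits just before
 * another field. Through a plain pointer the write silently clobbers `next`. */
static bool overflow_is_caught(void) {
    struct { char buf[16]; char next[16]; } f;
    char payload[32];
    memset(&f, 0, sizeof f);
    strcpy(f.next, "must survive");
    memset(payload, 'A', sizeof payload);
    cap_t p = cap_make(f.buf, sizeof f.buf, CAP_LOAD | CAP_STORE);
    bool rejected = !cap_store(p, payload, sizeof payload); /* 32 > 16: fault */
    return rejected && strcmp(f.next, "must survive") == 0;
}

/* Sub-object bounds can be shrunk (a callee handed only bytes 4..7 of a buffer)
 * but not regrown, so a compromised callee cannot reach the rest of the buffer. */
static bool narrowing_is_monotonic(void) {
    uint8_t data[16] = {0}, tmp[4] = {1, 2, 3, 4};
    cap_t whole = cap_make(data, sizeof data, CAP_LOAD | CAP_STORE);
    cap_t sub = cap_setbounds(cap_add(whole, 4), 4);
    cap_t widened = cap_setbounds(sub, 16);
    return sub.tag && cap_store(sub, tmp, 4) && !widened.tag
        && !cap_store(cap_add(sub, 4), tmp, 1) /* one byte past the 4-byte window */
        && data[4] == 1 && data[7] == 4 && data[8] == 0;
}

/* A read-only view refuses stores even though the bytes are in bounds. */
static bool readonly_store_rejected(void) {
    uint8_t data[8] = {0}, v = 0xff, out = 1;
    cap_t ro = cap_andperms(cap_make(data, sizeof data, CAP_LOAD | CAP_STORE), CAP_LOAD);
    return !cap_store(ro, &v, 1) && cap_load(ro, &out, 1) && out == 0;
}
```

All three check functions return true: the oversized `strcpy`-style write is refused and the neighbouring field survives, a capability narrowed to a four-byte sub-object cannot be widened again or stepped past its window, and a view with only the load permission rejects stores. The monotonicity of `cap_setbounds` and `cap_andperms` is what makes compartmentalization work: a library can be handed a capability to exactly the bytes it needs, and nothing it computes from that capability can reach more.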