
CHERI - Architectural support for software memory protection and compartmentalisation


If you have a question about this talk, please contact David Greaves.

Capability Hardware Enhanced RISC Instructions (CHERI) extend a conventional RISC architecture with support for “capabilities” — pointers whose integrity is protected by the hardware, extended with protection metadata such as bounds and permissions, and constrained by security properties such as monotonicity. This low-level primitive is a foundation on which a broad range of software protection properties can be built and incrementally deployed: fine-grained, referential memory protection for C/C++-language programs; protections against control-flow attacks such as ROP and JOP; granular and efficient in-address-space isolation and software compartmentalisation; and safe interoperation between managed languages and native-code extensions. Prototyped via hardware-software co-design, and evaluated on FPGA over a six-year period with support from DARPA, the CHERI processor is able to run adapted versions of the FreeBSD operating system (CheriBSD) and open-source application stack, and is targeted by an extended version of the Clang/LLVM compiler. This talk introduces the CHERI architecture and potential applications, and will also describe current research directions.

This talk is part of the Computer Laboratory Wednesday Seminars series.


© 2006-2020 Talks.cam, University of Cambridge.