The CHERI Processor: Revisiting the Hardware-Software Interface for Security

Robert N.M. Watson

Robert N.M. Watson

University of Cambridge

MONDAY July 6th, Noon, Room 110

This talk will not be recorded or webcast.

Abstract:

The last five years, supported by DARPA’s CRASH and MRC research programmes, SRI International and the University of Cambridge have been engaged in a project to revisit the fundamentals of CPU instruction-set design to improve security. The Capability Hardware Enhanced RISC Instructions design (CHERI) extends a conventional RISC Instruction-Set Architecture (ISA), processor, compiler, and operating system to support fine-grained, capability-based memory protection able to support both mitigation of memory-related vulnerabilities in C-language TCBs, and also extremely scalable software compartmentalisation grounded in the principle of least privilege. Prototyped as a 64-bit RISC FPGA soft-core processor, and using the FreeBSD operating system, LLVM compiler suite, and open-source applications, we demonstrate strong and efficient mitigation of numerous current exploit techniques (e.g., buffer overflows, ROP attacks) and also in-address-space compartmentalisation intended to mitigate future unknown classes of vulnerabilities and exploits. The CHERI model composes cleanly with current ISAs and software designs, and in particular, virtual memory memory based in Memory Management Units (MMUs) and C-language code, and offers an incremental adoption path for a stronger underlying protection model. This talk describes the architecture (published in a series of papers at ISCA, ASPLOS, and IEEE S&P), experimental approach grounded in hardware-software co-design, and potential transition directions.

Speaker:

As VP & CTO, Bret Hartman is responsible for defining the corporate security technology strategy for Cisco, as implemented by the Security Business Group.

Robert N.M. Watson is a University Lecturer in Systems, Security, and Architecture at the University of Cambridge Computer Laboratory. He is involved in several research groups at the lab, including Security, Networks and Operating Systems, and Computer Architecture. Current projects include CTSRD, a project in collaboration with SRI International looking at clean-slate hardware and software designs for security. Recent completed projects include the Capsicum hybrid capability system, system-call interposition concurrency problems, and the TrustedBSD MAC Framework, a widely deployed OS access-control extensibility framework (now found in FreeBSD, Mac OS X, Apple iOS, Junos, and other products). Robert has a strong interests in open-source software, is on the board of directors of the FreeBSD Foundation, and was founder of the FreeBSD Project. He earned his PhD from the University of Cambridge.