
Department of Computer Science and Technology

Dozens of people attended a workshop for industry, academic and government experts evaluating a pioneering new cybersecurity technology co-developed here.

CHERITech 2024 was the third workshop in the series for those working with the CHERI technology that leads the UK government's Digital Security by Design programme.

CHERI (or 'Capability Hardware Enhanced RISC Instructions') is a long-running research project to revisit fundamental design choices in hardware and software to dramatically improve system security.

CHERI extends conventional hardware Instruction-Set Architectures (ISAs) with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalisation.

The CHERI memory-protection features allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide strong, compatible, and efficient protection against many currently widely exploited vulnerabilities. And the CHERI scalable compartmentalisation features enable the fine-grained decomposition of operating-system (OS) and application code, to limit the effects of security vulnerabilities in ways that are not supported by current architectures.  

Prof Robert Watson, who co-leads the CHERI team here, kicked off the event with an overview of the current state of research and development.

This was followed by a demonstration of library-based compartmentalisation across a range of desktop applications. Since the start of 2022, an industrial prototype of the technology - the Arm Morello processor and evaluation board - has been available to firms to try out through the Digital Security by Design programme. 

This prototype demonstrates that library-based compartmentalisation running on Morello is highly scalable: over one million compartment transitions per second are tractable while still maintaining a highly responsive graphical user interface.

Tariq Kurd (Codasip) then reviewed the standardisation effort bringing CHERI to the open-source RISC-V instruction set architecture (ISA). This provided background for the talks that followed, all of which used CHERI-RISC-V. The Zephyr embedded operating system on CHERI-RISC-V was introduced and demonstrated by Jennifer Jackson & Minmin Jiang (University of Birmingham). David Chisnall (SCI Semiconductor, previously at Microsoft Research) presented work on protecting supply chains using their CHERI-enhanced, RISC-V-based microcontroller, CHERIoT, originally developed at Microsoft Research.

CHERIoT was also the focus of work by Tom Melham (University of Oxford), who had used innovative techniques to formally verify key properties of the microcontroller. Matt Naylor, a Senior Research Associate here, presented his work on SIMTight, a CHERI-enhanced, RISC-V-based GPU.

There were several talks from industry evaluating Morello (CHERI-on-Arm processors). Daniel King (AdaCore) demonstrated the benefits of using CHERI for high-integrity systems like air traffic control. Hardeep Chahal (Beam Connectivity et al.) and Peter Davies (Thales) explored the security and economic benefits of CHERI for the automotive sector. Nick Connolly (Rtegrity) presented his evaluation of CHERI library-based compartmentalisation for storage stacks.

Graeme Jenkinson (Capabilities Ltd) demonstrated the use of CHERI for the Chromium web browser, which is a huge code base that includes the V8 JavaScript and WebAssembly engine. CHERI support in Linux was presented by Vincenzo Frascino (Arm). Sarah Harris (University of Kent) explored how CHERI can bring additional safety to the Rust language. 

Pierre Olivier (University of Manchester) demonstrated how CHERI can be used for minimal single address space operating systems (unikernels). Finally, use of CHERI for virtual machines was discussed by Jeremy Singer (University of Glasgow). 

 

Professor Simon Moore


Published by auto on Monday 13th May 2024