
Department of Computer Science and Technology

The CHERI Instruction-Set Architecture (ISA) is a novel computer processor architecture intended to support more secure computer system designs. It has been developed by a multi-disciplinary team spanning the University of Cambridge and SRI International over the last decade.

The team are presenting their paper “CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment” at the ASPLOS conference currently taking place in Providence, Rhode Island.

This paper on CheriABI has won a best paper award. ASPLOS is the ACM Conference on Architectural Support for Programming Languages and Operating Systems.

The paper demonstrates that CHERI can be used to provide fine-grained memory safety across a broad range of software applications, including the complete FreeBSD UNIX operating system user space, through recompilation with low performance overhead and minimal source-code change.

The team’s design disrupts a broad range of known (and potential future) C/C++ language memory-protection vulnerabilities. This category of vulnerability is estimated by Microsoft to account for over 70% of Microsoft product vulnerabilities.

The team is led by Dr Robert Watson (Cambridge), Dr Peter Neumann (SRI), Professor Simon Moore (Cambridge), and Professor Peter Sewell (Cambridge), and the lead for this paper was Mr Brooks Davis (SRI), who is an industrial fellow at the Computer Laboratory.

To learn more about CHERI, please visit http://cheri-cpu.org/.


Published by Jonathan Goddard on Tuesday 16th April 2019