Department of Computer Science and Technology

The CHERI architecture co-developed by researchers here to protect computer systems from widely-exploited security vulnerabilities takes a major step forward today with the release of software and the first industrial simulator for it. 

CHERI (Capability Hardware Enhanced RISC Instructions) is a processor architecture security technology aimed at addressing the insecurity of mainstream computer systems. Conventional hardware instruction sets and the C/C++ programming languages, dating back to the 1970s, provide only coarse-grained memory protection. This turns many coding errors into exploitable security vulnerabilities. 

CHERI revises the hardware/software architectural interface with hardware support for capabilities that can be used for fine-grained memory protection and scalable software compartmentalisation. Sponsored by DARPA (the US Defense Advanced Research Projects Agency), CHERI is the work of a large research team at SRI International and here in the Department, along with many industrial collaborators.
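To make the contrast between the coarse-grained protection of conventional C and CHERI's capability-based bounds concrete, here is an added illustration that is not code from the CHERI, Morello or Cambridge/SRI projects. It models a capability as a plain C struct (base, length, cursor, permissions and a validity tag), which is a teaching simplification, not Morello's compressed 128-bit encoding or its instruction set. The `cap_*` helpers, the `pair_t` layout and the `sample` data are all constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed software model of a CHERI-style capability: a pointer that
 * carries its own bounds and permissions, plus a tag that hardware would
 * keep out of band. Only the fields needed for the bounds-check idea appear. */
typedef struct {
    uintptr_t base;    /* lowest address the capability may touch */
    size_t    length;  /* bytes covered, starting at base */
    uintptr_t cursor;  /* the ordinary pointer value */
    unsigned  perms;   /* PERM_* bits */
    bool      tag;     /* validity tag; cleared by any non-monotonic derivation */
} cap_t;

enum { PERM_LOAD = 1u, PERM_STORE = 2u };

/* Derive a capability covering exactly one allocation of len bytes. */
cap_t cap_make(void *ptr, size_t len, unsigned perms) {
    cap_t c = { (uintptr_t)ptr, len, (uintptr_t)ptr, perms, true };
    return c;
}

/* Narrow bounds to [cursor, cursor + new_len). Bounds may only shrink:
 * asking for more than the parent covers yields an untagged capability. */
cap_t cap_setbounds(cap_t parent, size_t new_len) {
    cap_t c = parent;
    bool fits = parent.tag && parent.cursor >= parent.base &&
                parent.cursor + new_len <= parent.base + parent.length;
    c.base = parent.cursor;
    c.length = new_len;
    c.tag = fits;
    return c;
}

/* Pointer arithmetic moves the cursor only; the check happens at access time. */
cap_t cap_offset(cap_t c, ptrdiff_t delta) {
    c.cursor = (uintptr_t)((intptr_t)c.cursor + delta);
    return c;
}

static bool cap_check(cap_t c, unsigned perm) {
    return c.tag && (c.perms & perm) &&
           c.cursor >= c.base && c.cursor < c.base + c.length;
}

/* Checked byte load; returning false models the trap a CHERI core raises. */
bool cap_load_u8(cap_t c, uint8_t *out) {
    if (!cap_check(c, PERM_LOAD)) return false;
    *out = *(const uint8_t *)c.cursor;
    return true;
}

bool cap_store_u8(cap_t c, uint8_t v) {
    if (!cap_check(c, PERM_STORE)) return false;
    *(uint8_t *)c.cursor = v;
    return true;
}

/* Constructed layout: a short buffer directly followed by data that code
 * holding a pointer to the buffer should never be able to read. */
typedef struct {
    uint8_t buf[4];
    uint8_t secret[4];
} pair_t;

static const pair_t sample = { {'a', 'b', 'c', 'd'}, {'S', 'E', 'C', 'R'} };

/* Conventional pointer: page-granular protection never fires inside one
 * struct, so a read that runs past buf simply returns the secret bytes.
 * Returns how many secret bytes the over-read exposed. */
int conventional_overread_leaks(void) {
    const uint8_t *p = (const uint8_t *)&sample;  /* object representation */
    int leaked = 0;
    for (size_t i = 4; i < 8; i++)                /* past buf, into secret */
        leaked += (p[i] == sample.secret[i - 4]);
    return leaked;
}

/* Capability bounded to buf: of eight successive byte loads only the four
 * in-bounds ones succeed; the rest are refused at the hardware boundary. */
int capability_overread_blocked(void) {
    cap_t whole = cap_make((void *)&sample, sizeof sample, PERM_LOAD);
    cap_t buf = cap_setbounds(whole, sizeof sample.buf);
    int ok = 0;
    uint8_t b;
    for (ptrdiff_t i = 0; i < 8; i++)
        ok += cap_load_u8(cap_offset(buf, i), &b);
    return ok;
}

/* Monotonicity: a narrowed capability cannot be widened again, and a
 * load-only capability cannot be used to store. */
bool capability_is_monotonic(void) {
    cap_t whole = cap_make((void *)&sample, sizeof sample, PERM_LOAD);
    cap_t buf = cap_setbounds(whole, sizeof sample.buf);
    cap_t widened = cap_setbounds(buf, sizeof sample);  /* tag cleared */
    return !widened.tag && !cap_store_u8(buf, 0);
}

int main(void) {
    printf("conventional: %d secret bytes leaked\n", conventional_overread_leaks());
    printf("capability:   %d of 8 loads allowed\n", capability_overread_blocked());
    printf("monotonic:    %s\n", capability_is_monotonic() ? "yes" : "no");
    return 0;
}
```

The point the model captures is the one the paragraph makes: on a conventional machine the over-read is just a load from a mapped page, so nothing stops it, whereas a capability derived for `buf` cannot reach `secret` and cannot be widened back into a capability that can, which is why a whole class of bounds errors stops being exploitable rather than merely being harder to exploit.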

For the past six years, the research team has been collaborating with Arm to create an adaptation of CHERI to the ARMv8-A architecture - which is slated to appear in Arm’s prototype Morello processor, System-on-Chip (SoC), and board in early 2022. (Richard Grisenthwaite, Arm’s Senior Vice President, Chief Architect and Fellow, announced this joint work at the UKRI Digital Security by Design (DSbD) workshop in September 2019. DSbD is a UKRI / Industrial Strategy Challenge Fund (ISCF) research programme contributing to the creation of the Morello board, and CHERI is the Digital Security by Design Technology that underlies the programme.)

Today, Arm is releasing its first simulator for the Morello architecture, the Morello FVP (Fixed Virtual Platform), and also an open-source software stack that includes their adaptation of the research team's CHERI Clang/LLVM to Morello, and early work on Morello support for Android. The prototype architecture specs are also available. 

Department researchers Simon Moore, Robert Watson and Peter Sewell

Meanwhile the Cambridge-SRI International research team is today releasing a first developer preview release of the CHERI reference software stack ported to Morello – intended to show a rich integration of CHERI into a contemporary OS design, as well as demonstration applications.

For this first developer preview release, they have focused on bringing CHERI C/C++ memory protection to Morello. Their CheriABI process environment, which allows the full UNIX userspace to run with fine-grained spatial memory safety, is fully functional on Morello.

This work has been the recent subject of a report from the Microsoft Security Response Center (MSRC), Microsoft’s internal red team and security response organization, describing how CHERI has the potential to deterministically prevent over 2/3 of critical Microsoft software security vulnerabilities.

For more information about CHERI, see the full story by Dr Robert Watson (pictured in the centre) who has led the development work here with co-investigators Peter G. Neumann (SRI), Professor Simon Moore (pictured left) and Professor Peter Sewell (pictured right).

See also today's blog post from Arm: https://www.arm.com/company/news/2020/10/morello-program-one-year-on and the Arm Morello web pages at: https://developer.arm.com/architectures/cpu-architecture/a-profile/morello

Published by Rachel Gardner on Thursday 29th October 2020