Watson, RNM;
Woodruff, J;
Neumann, PG;
Moore, SW;
Anderson, J;
Chisnall, D;
Dave, N;
... Vadera, M;
(2015)
CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization.
In: Peisert, S and Bauer, L and Shmatikov, V, (eds.)
Proceedings of 2015 IEEE Symposium on Security and Privacy.
(pp. 20-37).
IEEE: San Jose, CA, USA.
Abstract
CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA soft-core processor, FreeBSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications.
Type: | Proceedings paper |
---|---|
Title: | CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization |
Event: | IEEE Symposium on Security and Privacy SP, 18-20 May 2015 San Jose, California, USA |
Location: | San Jose, CA |
Dates: | 18 May 2015 - 20 May 2015 |
ISBN-13: | 9781467369497 |
Open access status: | An open access version is available from UCL Discovery |
DOI: | 10.1109/SP.2015.9 |
Publisher version: | http://dx.doi.org/10.1109/SP.2015.9 |
Language: | English |
Additional information: | This version is the author accepted manuscript. For information on re-use, please refer to the publisher’s terms and conditions. © 2015, Robert N.M. Watson. Under license to IEEE. |
Keywords: | Science & technology, technology, computer science, theory & methods, engineering, electrical & electronic, computer science, engineering, protection. |
UCL classification: | UCL; UCL > Provost and Vice Provost Offices > UCL BEAMS; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science; UCL > Provost and Vice Provost Offices > UCL BEAMS > Faculty of Engineering Science > Dept of Computer Science |
URI: | https://discovery.ucl.ac.uk/id/eprint/1470067 |



