Watson, RNM; Neumann, PG; Woodruff, J; Anderson, J; Anderson, R; Dave, N; Laurie, B; ... Saidi, H; + view all Watson, RNM; Neumann, PG; Woodruff, J; Anderson, J; Anderson, R; Dave, N; Laurie, B; Moore, SW; Murdoch, SJ; Paeps, P; Roe, M; Saidi, H; - view fewer (2012) CHERI: a research platform deconflating hardware virtualisation and protection. In: McIlroy, R and Singer, J, (eds.) (Proceedings) RESoLVE 2012 (Runtime Environments, Systems, Layering and Virtualized Environments) Workshop, 3 March 2012, London, UK.

Preview

Text 2012resolve-cheri.pdf - Published Version Download (228kB) | Preview

Abstract

Contemporary CPU architectures conflate virtualization and protection, imposing virtualization-related performance, programmability, and debuggability penalties on software requiring finegrained protection. First observed in micro-kernel research, these problems are increasingly apparent in recent attempts to mitigate software vulnerabilities through application compartmentalisation. Capability Hardware Enhanced RISC Instructions (CHERI) extend RISC ISAs to support greater software compartmentalisation. CHERI’s hybrid capability model provides fine-grained compartmentalisation within address spaces while maintaining software backward compatibility, which will allow the incremental deployment of fine-grained compartmentalisation in both our most trusted and least trustworthy C-language software stacks. We have implemented a 64-bit MIPS research soft core, BERI, as well as a capability coprocessor, and begun adapting commodity software packages (FreeBSD and Chromium) to execute on the platform.

Download activity - last month

Export as XMLCSVJSON

Download activity - last 12 months

Export as XMLCSVJSON

Downloads by country - last 12 months

Export as XMLCSVJSON

Archive Staff Only

View Item