Watson, RNM; Norton, RM; Woodruff, J; Moore, SW; Neumann, PG; Anderson, J; Chisnall, D; ... Vadera, M; + view all Watson, RNM; Norton, RM; Woodruff, J; Moore, SW; Neumann, PG; Anderson, J; Chisnall, D; Davis, B; Laurie, B; Roe, M; Dave, NH; Gudka, K; Joannou, A; Markettos, AT; Maste, E; Murdoch, SJ; Rothwell, C; Son, SD; Vadera, M; - view fewer (2016) Fast Protection-Domain Crossing in the CHERI Capability-System Architecture. IEEE Micro , 36 (5) pp. 38-49. 10.1109/MM.2016.84.

Preview

Text Murdoch_Watson_et_al-2016-IEEE_Micro_Journal-AM.pdf - Accepted Version Download (494kB) | Preview

Abstract

Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management unit (MMU) with instruction-set architecture (ISA) extensions that implement a capability system model in the address space. CHERI can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This article describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. The authors propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing, while retaining the flexibility of a software-defined protection-domain transition model. They validate this approach through a full-system experimental design, including ISA extensions, a field-programmable gate array prototype (implemented in Bluespec SystemVerilog), and a software stack including an OS (based on FreeBSD), compiler (based on LLVM), software compartmentalization model, and open-source applications.

Download activity - last month

Export as XMLCSVJSON

Download activity - last 12 months

Export as XMLJSONCSV

Downloads by country - last 12 months

Export as CSVJSONXML

Archive Staff Only

View Item