Journal ArticleDOI
The CHERI capability model: revisiting RISC in an age of risk
Jonathan Woodruff, Robert N. M. Watson, David Chisnall, Simon W. Moore, Jonathan Anderson, Brooks Davis, Ben Laurie, Peter G. Neumann, Robert Norton, Michael Roe +9 more
Vol. 42, Iss. 3, pp. 457-468
TL;DR: CHERI, a hybrid capability model that extends the 64-bit MIPS ISA with byte-granularity memory protection, is presented, demonstrating that it enables language memory model enforcement and fault isolation in hardware rather than software, and that the CHERI mechanisms are easily adopted by existing programs for efficient in-program memory safety.
Abstract:
Motivated by contemporary security challenges, we reevaluate and refine capability-based addressing for the RISC era. We present CHERI, a hybrid capability model that extends the 64-bit MIPS ISA with byte-granularity memory protection. We demonstrate that CHERI enables language memory model enforcement and fault isolation in hardware rather than software, and that the CHERI mechanisms are easily adopted by existing programs for efficient in-program memory safety. In contrast to past capability models, CHERI complements, rather than replaces, the ubiquitous page-based protection mechanism, providing a migration path towards deconflating data-structure protection and OS memory management. Furthermore, CHERI adheres to a strict RISC philosophy: it maintains a load-store architecture and requires only single-cycle instructions, and supplies protection primitives to the compiler, language runtime, and operating system. We demonstrate a mature FPGA implementation that runs the FreeBSD operating system with a full range of software and an open-source application suite compiled with an extended LLVM to use CHERI memory protection. A limit study compares published memory safety mechanisms in terms of instruction count and memory overheads. The study illustrates that CHERI is performance-competitive even while providing assurance and greater flexibility with simpler hardware.
Citations
Journal ArticleDOI
NetFPGA SUME: Toward 100 Gbps as Research Commodity
TL;DR: NetFPGA SUME is an FPGA-based PCI Express board with I/O capabilities for 100 Gbps operation as a network interface card, multiport switch, firewall, or test and measurement environment.
Proceedings ArticleDOI
CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization
Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, Munraj Vadera +14 more
TL;DR: This work demonstrates multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs.
Proceedings ArticleDOI
Failure-Atomic Persistent Memory Updates via JUSTDO Logging
TL;DR: This work presents the design and implementation of JUSTDO logging, a new failure atomicity mechanism that greatly reduces the memory footprint of logs, simplifies log management, and enables fast parallel recovery following failure.
Proceedings ArticleDOI
Thwarting Memory Disclosure with Efficient Hypervisor-enforced Intra-domain Isolation
TL;DR: SeCage retrofits commodity hardware virtualization extensions to support efficient isolation of sensitive code manipulating critical secrets from the remaining code, and is designed to work under a strong adversary model where a victim application or even the OS may be controlled by the adversary, while supporting large-scale software with small deployment cost.
Proceedings ArticleDOI
SGXBOUNDS: Memory Safety for Shielded Execution
Dmitrii Kuvaiskii, Oleksii Oleksenko, Sergei Arnautov, Bohdan Trach, Pramod Bhatotia, Pascal Felber, Christof Fetzer +6 more
TL;DR: SGXBounds is an efficient memory-safety approach for shielded execution exploiting the architectural features of Intel SGX based on the LLVM compiler framework targeting unmodified multithreaded applications and has performance and memory overheads similar to AddressSanitizer and Intel MPX.
References
Proceedings ArticleDOI
LLVM: a compilation framework for lifelong program analysis & transformation
Chris Lattner, Vikram Adve +1 more
TL;DR: The design of the LLVM representation and compiler framework is evaluated in three ways: the size and effectiveness of the representation, including the type information it provides; compiler performance for several interprocedural problems; and illustrative examples of the benefits LLVM provides for several challenging compiler problems.
Book
The Java Language Specification
TL;DR: The Java Language Specification, Second Edition is the definitive technical reference for the Java programming language and provides complete, accurate, and detailed coverage of the syntax and semantics of the Java language.
Journal ArticleDOI
The protection of information in computer systems
TL;DR: In this article, the authors explore the mechanics of protecting computer-stored information from unauthorized use or modification, focusing on those architectural structures-whether hardware or software-that are necessary to support information protection.
Proceedings ArticleDOI
Efficient software-based fault isolation
TL;DR: It is demonstrated that for frequently communicating modules, implementing fault isolation in software rather than hardware can substantially improve end-to-end application performance.
Proceedings Article
AddressSanitizer: a fast address sanity checker
TL;DR: The paper presents AddressSanitizer, a new memory error detector that achieves efficiency without sacrificing comprehensiveness, and has found over 300 previously unknown bugs in the Chromium browser and many bugs in other software.