Abstract

Capability Hardware Enhanced RISC Instructions (CHERI) extend a conventional RISC architecture with support for “capabilities” — pointers whose integrity is protected by the hardware, extended with protection metadata such as bounds and permissions, and constrained by security properties such as monotonicity. This low-level primitive is a foundation on which a broad range of software protection properties can be built and incrementally deployed: fine-grained, referential memory protection for C/C++-language programs; protections against control-flow attacks such as ROP and JOP ; granular and efficient in-address-space isolation and software compartmentalisation; and safe interoperation between managed languages and native-code extensions. Prototyped via hardware-software co-design, and evaluated on FPGA over a six-year period with support from DARPA , the CHERI processor is able to run adapted versions of the FreeBSD operating system (CheriBSD) and open-source application stack, and is targeted by an extended version of the Clang/LLVM compiler. This talk introduces the CHERI architecture and potential applications, and will also describe current research directions.