BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Talks.cam//talks.cam.ac.uk//
X-WR-CALNAME:Talks.cam
BEGIN:VEVENT
SUMMARY:The CHERI capability model: Revisiting RISC in an age of risk - Jo
 nathan Woodruff (University of Cambridge)
DTSTART:20140605T140000Z
DTEND:20140605T150000Z
UID:TALK52948@talks.cam.ac.uk
CONTACT:Eiko Yoneki
DESCRIPTION:Motivated by contemporary security challenges\, we reevaluate 
 and refine capability-based addressing for the RISC era. We present CHERI\
 , a hybrid capability model that extends the 64-bit MIPS ISA with byte-gra
 nularity memory protection. We demonstrate that CHERI enables language mem
 ory model enforcement and fault isolation in hardware rather than software
 \, and that the CHERI mechanisms are easily adopted by existing programs f
 or efficient in-program memory safety.\n\nIn contrast to past capability m
 odels\, CHERI complements\, rather than replaces\, the ubiquitous page-bas
 ed protection mechanism\, providing a migration path towards deconflating 
 data-structure protection and OS memory management. Furthermore\, CHERI ad
 heres to a strict RISC philosophy: it maintains a load-store architecture 
 and requires only single-cycle instructions\, and supplies protection prim
 itives to the compiler\, language runtime\, and operating system.\n\nWe de
 monstrate a mature FPGA implementation that runs the FreeBSD operating sys
 tem with a full range of software and an open-source application suite com
 piled with an extended LLVM to use CHERI memory protection. A limit study
  compares published memory safety mechanisms in terms of instruction count
  and memory overheads. The study illustrates that CHERI is performance-com
 petitive even while providing assurance and greater flexibility with simpl
 er hardware.\n
LOCATION:FW26\, Computer Laboratory\, William Gates Building
END:VEVENT
END:VCALENDAR
