CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization
- 1 May 2015
- conference paper
- Published by Institute of Electrical and Electronics Engineers (IEEE)
Abstract
CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA soft-core processor, FreeBSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications.