CHERI-RISC-V - a full stack solution for spatial and temporal memory safety
Duration: 46 mins 6 secs
About this item
Description: Research talk on the CHERI-RISC-V open source hardware and software stack with an emphasis on secure hardware.
Created: 2020-09-07 13:52
Collection: CHERI Talks and Videos
Publisher: University of Cambridge
Copyright: Prof. Simon W. Moore
Language: eng (English)
Keywords: CHERI; RISC-V; CHERI-RISC-V; secure processors
Abstract: Originally prototyped on MIPS, we have now added CHERI security extensions to the RISC-V ISA, with multiple open-source cores with various microarchitectures prototyped on FPGA. CHERI extensions for RISC-V provide low-level hardware primitives for in-memory capabilities that allow software to dramatically improve security by mitigating many spatial and temporal memory safety vulnerabilities. Spatial vulnerabilities like buffer overflow and buffer over-read are typically eliminated through the compiler and linker capturing more of the programmer’s original intent. Pointers are mapped into in-memory capabilities that include bounds and permissions and have integrity properties. Temporal memory safety mitigates vulnerabilities like use-after-free through revocation of capabilities, offering a major performance improvement over existing techniques like address sanitiser. Capabilities provide the basis for other software mitigations, including control-flow robustness and highly efficient compartmentalisation.