CHERI - A Hybrid Capability-System Architecture for Scalable Software Compartmentalization
Offered By: IEEE via YouTube
Course Description
Overview
Explore a cutting-edge hybrid capability-system architecture for scalable software compartmentalization in this 22-minute IEEE conference talk. Delve into CHERI (Capability Hardware Enhanced RISC Instructions), an extension of conventional RISC architecture that enhances memory protection and mitigates vulnerabilities in C-language Trusted Computing Bases (TCBs). Discover how CHERI capabilities underpin a hardware-software object-capability model, offering improved scalability and simplified programmability compared to traditional Memory Management Unit (MMU) designs. Examine the prototype implementation on the open-source 64-bit BERI RISC FPGA soft-core processor, FreeBSD operating system, and LLVM compiler. Learn about the tangible security benefits and evaluate the incrementally deployable CHERI-based compartmentalization using real-world UNIX libraries and applications.
Syllabus
Intro
Application compartmentalization
CHERI capability model
Virtual memory vs. capabilities
CHERI capabilities
CheriBSD object capabilities
Object-capability call/return
CHERI hardware/software prototypes
Application implications
Conclusions
Taught by
IEEE Symposium on Security and Privacy