CHERI - A Hybrid Capability-System Architecture for Scalable Software Compartmentalization
Offered By: IEEE via YouTube
Course Description
Overview
Explore a cutting-edge hybrid capability-system architecture for scalable software compartmentalization in this 22-minute IEEE conference talk. Delve into CHERI (Capability Hardware Enhanced RISC Instructions), an extension of conventional RISC architecture that enhances memory protection and mitigates vulnerabilities in C-language Trusted Computing Bases (TCBs). Discover how CHERI capabilities underpin a hardware-software object-capability model, offering improved scalability and simplified programmability compared to traditional Memory Management Unit (MMU) designs. Examine the prototype implementation on the open-source 64-bit BERI RISC FPGA soft-core processor, FreeBSD operating system, and LLVM compiler. Learn about the tangible security benefits and evaluate the incrementally deployable CHERI-based compartmentalization using real-world UNIX libraries and applications.
Syllabus
Intro
Application compartmentalization
CHERI capability model
Virtual memory vs. capabilities
CHERI capabilities
CheriBSD object capabilities
Object-capability call/return
CHERI hardware/software prototypes
Application implications
Conclusions
Taught by
IEEE Symposium on Security and Privacy
Related Courses
Armv8-M Architecture Fundamentals (Arm Education via Coursera)
Security Architecture and Engineering (Packt via Coursera)
A New Proposal for Protecting Kernel Data Memory (Linux Foundation via YouTube)
All the Things You Can Do with ARMv8 Virtualization (Linux Foundation via YouTube)
Analyzing and Improving the Security Properties of Secret Memory (Linux Foundation via YouTube)