CHERI - A Hybrid Capability-System Architecture for Scalable Software Compartmentalization

Offered By: IEEE via YouTube

Tags

System Architecture Courses
Software Security Courses
Attack Mitigations Courses
Memory Protection Courses

Course Description

Overview

Explore a cutting-edge hybrid capability-system architecture for scalable software compartmentalization in this 22-minute IEEE conference talk. Delve into CHERI (Capability Hardware Enhanced RISC Instructions), an extension of conventional RISC architecture that enhances memory protection and mitigates vulnerabilities in C-language Trusted Computing Bases (TCBs). Discover how CHERI capabilities underpin a hardware-software object-capability model, offering improved scalability and simplified programmability compared to traditional Memory Management Unit (MMU) designs. Examine the prototype implementation on the open-source 64-bit BERI RISC FPGA soft-core processor, FreeBSD operating system, and LLVM compiler. Learn about the tangible security benefits and evaluate the incrementally deployable CHERI-based compartmentalization using real-world UNIX libraries and applications.

Syllabus

Intro
Application compartmentalization
CHERI capability model
Virtual memory vs. capabilities
CHERI capabilities
CheriBSD object capabilities
Object-capability call/return
CHERI hardware/software prototypes
Application implications
Conclusions


Taught by

IEEE Symposium on Security and Privacy

Related Courses

Armv8-M Architecture Fundamentals (Arm Education via Coursera)
Security Architecture and Engineering (Packt via Coursera)
A New Proposal for Protecting Kernel Data Memory (Linux Foundation via YouTube)
All the Things You Can Do with ARMv8 Virtualization (Linux Foundation via YouTube)
Analyzing and Improving the Security Properties of Secret Memory (Linux Foundation via YouTube)