CHERI - A Hybrid Capability-System Architecture for Scalable Software Compartmentalization

Offered By: IEEE via YouTube

Tags

System Architecture Courses, Software Security Courses, Attack Mitigations Courses, Memory Protection Courses

Course Description

Overview

Explore a cutting-edge hybrid capability-system architecture for scalable software compartmentalization in this 22-minute IEEE conference talk. Delve into CHERI (Capability Hardware Enhanced RISC Instructions), an extension of conventional RISC architecture that enhances memory protection and mitigates vulnerabilities in C-language Trusted Computing Bases (TCBs). Discover how CHERI capabilities underpin a hardware-software object-capability model that offers improved scalability and simpler programmability than traditional Memory Management Unit (MMU) designs. Examine the prototype implementation, built on the open-source 64-bit BERI RISC FPGA soft-core processor, the FreeBSD operating system, and the LLVM compiler. Learn about the tangible security benefits, and see incrementally deployable CHERI-based compartmentalization evaluated with real-world UNIX libraries and applications.

Syllabus

Intro
Application compartmentalization
CHERI capability model
Virtual memory vs. capabilities
CHERI capabilities
CheriBSD object capabilities
Object-capability call/return
CHERI hardware/software prototypes
Application implications
Conclusions


Taught by

IEEE Symposium on Security and Privacy

Related Courses

Armv8-M Architecture Fundamentals
Arm Education via Coursera
Memory Management in OS - Contiguous Memory Allocation
CodeHelp - by Babbar via YouTube
Shreds - Fine-Grained Execution Units with Private Memory
IEEE via YouTube
XMP: Selective Memory Protection for Kernel and User Space
IEEE via YouTube
Formal Modelling and Proof in the CHERI Design and Implementation Process
IEEE via YouTube