CHERI - A Hybrid Capability-System Architecture for Scalable Software Compartmentalization
Offered By: IEEE via YouTube
Course Description
Overview
Explore a cutting-edge hybrid capability-system architecture for scalable software compartmentalization in this 22-minute IEEE conference talk. Delve into CHERI (Capability Hardware Enhanced RISC Instructions), an extension of conventional RISC architecture that enhances memory protection and mitigates vulnerabilities in C-language Trusted Computing Bases (TCBs). Discover how CHERI capabilities underpin a hardware-software object-capability model, offering improved scalability and simplified programmability compared to traditional Memory Management Unit (MMU) designs. Examine the prototype implementation on the open-source 64-bit BERI RISC FPGA soft-core processor, FreeBSD operating system, and LLVM compiler. Learn about the tangible security benefits and evaluate the incrementally deployable CHERI-based compartmentalization using real-world UNIX libraries and applications.
Syllabus
Intro
Application compartmentalization
CHERI capability model
Virtual memory vs. capabilities
CHERI capabilities
CheriBSD object capabilities
Object-capability call/return
CHERI hardware/software prototypes
Application implications
Conclusions
Taught by
IEEE Symposium on Security and Privacy
Related Courses
Armv8-M Architecture Fundamentals (Arm Education via Coursera)
Memory Management in OS - Contiguous Memory Allocation (CodeHelp - by Babbar via YouTube)
Shreds - Fine-Grained Execution Units with Private Memory (IEEE via YouTube)
XMP: Selective Memory Protection for Kernel and User Space (IEEE via YouTube)
Formal Modelling and Proof in the CHERI Design and Implementation Process (IEEE via YouTube)