CHERI - A Hybrid Capability-System Architecture for Scalable Software Compartmentalization
Offered By: IEEE via YouTube
Course Description
Overview
Explore a cutting-edge hybrid capability-system architecture for scalable software compartmentalization in this 22-minute IEEE conference talk. Delve into CHERI (Capability Hardware Enhanced RISC Instructions), an extension of conventional RISC architecture that enhances memory protection and mitigates vulnerabilities in C-language Trusted Computing Bases (TCBs). Discover how CHERI capabilities underpin a hardware-software object-capability model, offering improved scalability and simplified programmability compared to traditional Memory Management Unit (MMU) designs. Examine the prototype implementation on the open-source 64-bit BERI RISC FPGA soft-core processor, FreeBSD operating system, and LLVM compiler. Learn about the tangible security benefits and evaluate the incrementally deployable CHERI-based compartmentalization using real-world UNIX libraries and applications.
Syllabus
Intro
Application compartmentalization
CHERI capability model
Virtual memory vs. capabilities
CHERI capabilities
CheriBSD object capabilities
Object-capability call/return
CHERI hardware/software prototypes
Application implications
Conclusions
Taught by
IEEE Symposium on Security and Privacy
Related Courses
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld Systems (Vanderbilt University via Coursera)
Engineering Maintainable Android Apps (Vanderbilt University via Coursera)
Software Design as an Element of the Software Development Lifecycle (University of Colorado System via Coursera)
Secure Software Development (Pluralsight)
Secure Software Concepts for CSSLP® (Pluralsight)