CHERI: Architectural Support for Memory Protection and Compartmentalization
Capability Hardware Enhanced RISC Instructions (CHERI) extend conventional RISC architectures with support for capabilities -- pointers whose integrity, provenance validity, and monotonicity are protected by the hardware, and which are extended with protection metadata such as bounds, permissions, and encapsulation. This low-level primitive is a foundation on which a broad range of software protection properties can be built and incrementally deployed: fine-grained, referential memory protection for C/C++-language programs, protections against control-flow attacks such as ROP and JOP, prevention of pointer privilege escalation, granular and efficient in-address-space isolation and software compartmentalization, and safe interoperation between managed languages and native-code extensions.
This talk will provide an introduction to the CHERI architecture. It will then provide a brief description of CheriABI, a FreeBSD-based memory-safe UNIX process environment built over pure-capability CHERI C/C++. In this environment, code is compiled so that all pointers, explicit and implied, are implemented using CHERI capabilities. The talk will conclude with a review of ongoing efforts to apply CHERI to other architectures.
John Baldwin is a systems software developer. He has directly committed changes to the FreeBSD operating system for twenty years across various parts of the kernel (including x86 platform support, SMP, various device drivers, and the virtual memory subsystem) and userspace programs. In addition to writing code, John has served on the FreeBSD core and release engineering teams. He has also contributed to the GDB debugger and LLVM. John has taught four CSC 415 sections since the spring 2016 semester.