- Session
- 13:35
- Duration: 26 mins
- Publication date: 13 Nov 2025
- Location: Turing Lecture Theatre, IET London: Savoy Place, London, United Kingdom
- Part of event REACH 2025
About the session
Introduction to CHERI Technology for Memory Safety, and to CHERI for RISC-V to Make Memory Safety Accessible to Everyone
Tariq Kurd, Chief Architect, Codasip, UK
This talk will cover the basics of CHERI (Capability Hardware RISC Instructions) technology for a technical audience who are not familiar with the technology.
The talk starts with a brief history of CHERI, which began at Cambridge University in 2010. It describes the threat landscape that CHERI is addressing and how it makes it significantly harder for malicious actors to attack CHERI systems than traditional computers.
The talk continues with recently detected CVEs (Common Vulnerabilities and Exposures) which could have been prevented on CHERI systems. 70% of CVEs are not possible on CHERI systems, and attack chains that require multiple exploits to be enabled at once become significantly harder to find.
Then I talk about real-world exploits avoided by CHERI with full descriptions – Heartbleed being the highest profile, and also the Sudo exploit.
Next, I introduce RISC-V – the new open-source computer architecture – and why it is the best vehicle for getting CHERI into the market as opposed to other architectures such as ARM, MIPS and x86, all of which have CHERI variants. We then touch on the status of the RISC-V standardisation effort.
Then I talk about the CHERI Alliance – which is a group of companies driving forward the adoption of CHERI and development of software and system architecture for CHERI systems. I also talk about the UK government's backing for CHERI.
The next topic is real-world adoption:
- Network processing for complex packet parsing
- Compartmentalisation for supply chain management, binary driver isolation, user space code isolation etc.
Software is the final topic, talking about the status of CHERI Linux, seL4, Zephyr etc. and their availability. MMU-less Linux is also discussed.
The talk ends with a summary of the advantages of CHERI, and why people should start adopting it now.