CHERI and Arm Morello: mitigating the terrible legacy of memory-safety security issues, in practice at scale
Computing is riddled with security vulnerabilities, many of which arise from memory safety issues. Conventional hardware architectures and the C/C++ codebase are chronically prone to exploitable errors - a 75-year-old problem at the heart of computing.
This talk will introduce CHERI, showing how (finally?!) we can do better. The CHERI research project has developed a new architecture+software approach, using unforgeable hardware capabilities to implement pointers. Morello is an Arm experimental platform for evaluation of CHERI to explore its potential for mass-market adoption, part-funded by the UKRI Digital Security by Design programme, and other groups are developing CHERI-enabled RISC-V processors, including Microsoft, Google, lowRISC, SCI Semiconductor, Codasip, and RISC-V International.
This talk will introduce the problem, and CHERI and Morello, for a broad audience: the hardware extensions, their potential for fine-grained memory safety and software compartmentalisation, the CHERI software stack, and machine-checked mathematical proof that the architecture design provides the intended security. CHERI complements alternative high-level-language approaches that would require code to be rewritten from scratch, and we'll talk about the often-low cost of porting code to CHERI.
I'll demo how CHERI prevents exploitable memory safety errors on a Morello box, running Arm CHERI hardware and a complete CHERI software stack.
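To make concrete what "unforgeable hardware capabilities implementing pointers" buys you, here is an added software model of a CHERI-style capability in plain C. It is illustrative code written for this page, not code from the CHERI or Morello projects and not the real Morello capability encoding: the `cap_t` struct, its field layout and the function names are assumptions. It shows the two properties the talk relies on: every load is checked against the bounds carried with the pointer, and bounds can only ever be narrowed (monotonicity), so a pointer that tries to grow its reach becomes untagged and unusable rather than a wider pointer.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed software model of a CHERI-style capability (hypothetical
 * layout, not the Morello encoding). Real hardware keeps the tag in
 * memory that ordinary data stores cannot reach, which is what makes the
 * capability unforgeable; here the tag is just a field we never set true
 * except through cap_from_buffer(). */
typedef struct {
    const uint8_t *base;   /* lowest address the capability may touch */
    size_t length;         /* bytes covered starting at base */
    size_t cursor;         /* offset from base: the conventional "pointer value" */
    bool can_load;         /* load permission */
    bool tag;              /* false => invalid capability, any use faults */
} cap_t;

/* Root derivation: mimics the allocator handing out a capability that
 * covers exactly one buffer. */
cap_t cap_from_buffer(const uint8_t *buf, size_t len) {
    cap_t c = { buf, len, 0, true, true };
    return c;
}

/* Pointer arithmetic moves only the cursor; the bounds travel with it. */
cap_t cap_add(cap_t c, size_t delta) {
    c.cursor += delta;
    return c;
}

/* Monotonicity: bounds may only shrink. Asking for a wider region than the
 * remaining extent returns an untagged capability instead of a bigger one. */
cap_t cap_set_bounds(cap_t c, size_t new_len) {
    if (!c.tag || new_len > c.length - c.cursor) {
        c.tag = false;
        return c;
    }
    c.base += c.cursor;
    c.cursor = 0;
    c.length = new_len;
    return c;
}

/* Checked load: 0 on success with *out filled in, -1 where CHERI hardware
 * would raise a capability fault (no tag, no permission, or out of bounds). */
int cap_load(cap_t c, uint8_t *out) {
    if (!c.tag || !c.can_load || c.cursor >= c.length) {
        return -1;
    }
    *out = c.base[c.cursor];
    return 0;
}

/* Reads the last valid byte of a 16-byte 'A'-filled buffer through a
 * capability; returns the byte (65) or -1 on fault. */
int last_byte_value(void) {
    uint8_t buf[16];
    memset(buf, 'A', sizeof buf);
    cap_t p = cap_from_buffer(buf, sizeof buf);
    uint8_t v;
    return cap_load(cap_add(p, 15), &v) == 0 ? (int)v : -1;
}

/* Walks through the classic off-by-one and bounds-widening mistakes and
 * returns how many accesses the capability checks refused. */
int demo_overrun(void) {
    uint8_t buf[16];
    memset(buf, 'A', sizeof buf);
    cap_t p = cap_from_buffer(buf, sizeof buf);
    uint8_t v;
    int refused = 0;

    if (cap_load(cap_add(p, 15), &v) != 0) refused++;   /* in bounds: allowed */
    if (cap_load(cap_add(p, 16), &v) != 0) refused++;   /* one past the end: fault */

    cap_t widened = cap_set_bounds(p, 32);               /* try to widen to 32 bytes */
    if (cap_load(widened, &v) != 0) refused++;           /* untagged: fault */

    cap_t narrowed = cap_set_bounds(cap_add(p, 8), 4);   /* bytes 8..11 only */
    if (cap_load(cap_add(narrowed, 4), &v) != 0) refused++; /* byte 12: fault */

    printf("refused %d of 4 accesses\n", refused);
    return refused;
}

int main(void) {
    return demo_overrun() == 3 && last_byte_value() == 'A' ? 0 : 1;
}
```

On a conventional architecture every one of those four accesses would silently read whatever sits next to `buf`; in this model, as on Morello, only the in-bounds read succeeds and the other three fault, which is the behaviour the demo above exhibits on real hardware.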
This is joint work by the CHERI and Morello teams at the University of Cambridge, Arm, SRI International, and the University of Edinburgh.