Free Republic

The CHERI capability model: Revisiting RISC in an age of risk (ISCA 2014)
Light Blue Touchpaper | 7/3/14 | Robert N. M. Watson

Posted on 07/16/2014 7:12:18 AM PDT by zeugma

2014-07-03 Academic papers, Open-source security, Operating systems, Processors, Programmable logic

Last week, Jonathan Woodruff presented our joint paper on the CHERI memory model, The CHERI capability model: Revisiting RISC in an age of risk, at the 2014 International Symposium on Computer Architecture (ISCA) in Minneapolis (video, slides). This is our first full paper on Capability Hardware Enhanced RISC Instructions (CHERI), collaborative work between Simon Moore’s and my team composed of members of the Security, Computer Architecture, and Systems Research Groups at the University of Cambridge Computer Laboratory, Peter G. Neumann’s group at the Computer Science Laboratory at SRI International, and Ben Laurie at Google.

CHERI is an instruction-set extension, prototyped via an FPGA-based soft processor core named BERI, that integrates a capability-system model with a conventional memory-management unit (MMU)-based pipeline. Unlike conventional OS-facing MMU-based protection, the CHERI protection and security models are aimed at compilers and applications. CHERI provides efficient, robust, compiler-driven, hardware-supported, and fine-grained memory protection and software compartmentalisation (sandboxing) within, rather than between, address spaces. We run a version of FreeBSD that has been adapted to support the hardware capability model (CheriBSD), compiled with a CHERI-aware Clang/LLVM that supports C pointer integrity, bounds checking, and capability-based protection and delegation. CheriBSD also supports a higher-level hardware-software security model permitting sandboxing of application components within an address space, based on capabilities and a Call/Return mechanism supporting mutual distrust.

The approach draws inspiration from Capsicum, our OS-facing hybrid capability-system model now shipping in FreeBSD and available as a patch for Linux courtesy of Google. We found that capability-system approaches matched extremely well with least-privilege-oriented software compartmentalisation, in which programs are broken up into sandboxed components to mitigate the effects of exploited vulnerabilities. CHERI similarly merges research capability-system ideas with a conventional RISC processor design, making accessible the security and robustness benefits of the former while retaining software compatibility with the latter. In the paper, we contrast our approach with a number of others, including Intel’s forthcoming Memory Protection eXtensions (MPX), and in particular pursue a RISC-oriented design instantiated against the 64-bit MIPS ISA; the ideas should be portable to other RISC ISAs such as ARMv8 and RISC-V.

Our hardware prototype is implemented in Bluespec System Verilog, a high-level hardware description language (HDL) that makes it easier to perform design-space exploration. To facilitate both reproducibility of this work and future hardware-software research, we’ve open-sourced the underlying Bluespec Extensible RISC Implementation (BERI), our CHERI extensions, and a complete software stack: operating system, compiler, and so on. In fact, support for the underlying 64-bit RISC platform, which implements a version of the 64-bit MIPS ISA, was upstreamed to FreeBSD 10.0, which shipped earlier this year. Our capability-enhanced versions of FreeBSD (CheriBSD) and Clang/LLVM are distributed via GitHub.

You can learn more about CHERI, BERI, and our larger clean-slate hardware-software agenda on the CTSRD Project Website. There, you will find copies of our prior workshop papers, full Bluespec source code for the FPGA processor design, hardware build instructions for our FPGA-based tablet, downloadable CheriBSD images, software source code, and also our recent technical report, Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture, and Jon Woodruff’s PhD dissertation on CHERI.

Jonathan Woodruff, Robert N. M. Watson, David Chisnall, Simon W. Moore, Jonathan Anderson, Brooks Davis, Ben Laurie, Peter G. Neumann, Robert Norton, and Michael Roe. The CHERI capability model: Revisiting RISC in an age of risk, Proceedings of the 41st International Symposium on Computer Architecture (ISCA 2014), Minneapolis, MN, USA, June 14–16, 2014.

TOPICS: News/Current Events
KEYWORDS: computers; risc
Yeah, I know it's from a blog, and I wouldn't normally put that in "news" but I figure it is news when someone has designed a 64-bit processor, ported a compiler and operating system to it, and open sourced the whole ball of wax.

This is pretty awesome. It will be interesting to see what comes of this.

1 posted on 07/16/2014 7:12:18 AM PDT by zeugma
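As an added illustration of the capability model the quoted paper describes (a pointer that carries its own bounds and permissions, derived only monotonically, with every dereference checked), here is a small software model of a CHERI-style capability. This is example code written for this page, not code from the CHERI/BERI project; the struct layout and the names cap_t, cap_derive, cap_load, cap_store and capability_demo are hypothetical, and the checks are done in software where the real design does them in the pipeline.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
/* Software model of a CHERI-style capability: a pointer carrying its own bounds,
 * permissions and validity tag. For illustration only; not the CHERI ISA encoding. */
#define PERM_LOAD  0x1u
#define PERM_STORE 0x2u
typedef struct {
    uint8_t *base;   /* lowest address the capability may reach */
    size_t   length; /* bytes covered from base */
    size_t   offset; /* current pointer position relative to base */
    unsigned perms;  /* PERM_* bits */
    bool     tag;    /* valid; real hardware keeps this bit out of band */
} cap_t;
/* Derive a narrower capability (monotonic): bounds only shrink, permissions
 * are only dropped, and an attempt to widen yields an untagged (dead) one. */
cap_t cap_derive(cap_t p, size_t off, size_t len, unsigned perms) {
    cap_t c = p;
    c.perms &= perms; c.offset = 0;
    if (off > p.length || len > p.length - off) { c.tag = false; return c; }
    c.base += off; c.length = len;
    return c;
}
/* The check applied on every dereference; false stands for a capability fault. */
static bool cap_check(const cap_t *c, unsigned need) {
    return c->tag && (c->perms & need) == need && c->offset < c->length;
}
bool cap_load(const cap_t *c, uint8_t *out) {
    if (!cap_check(c, PERM_LOAD)) return false;
    *out = c->base[c->offset]; return true;
}
bool cap_store(const cap_t *c, uint8_t v) {
    if (!cap_check(c, PERM_STORE)) return false;
    c->base[c->offset] = v; return true;
}
/* Scenario: a 16-byte buffer, an over-long 32-byte write through the root capability,
 * and a read-only 4-byte window delegated to an untrusted component.
 * Returns a bitmask of the properties that held (0xF = all four). */
unsigned capability_demo(void) {
    uint8_t buf[16] = {0}, b = 0;
    cap_t root = { buf, sizeof buf, 0, PERM_LOAD | PERM_STORE, true };
    cap_t win = cap_derive(root, 4, 4, PERM_LOAD);
    cap_t wide = cap_derive(win, 0, 8, PERM_LOAD | PERM_STORE);
    unsigned ok = 0; size_t n = 0;
    for (cap_t w = root; n < 32 && cap_store(&w, 0xAA); n++) w.offset++;
    if (n == 16)                           ok |= 1; /* overflow stopped at bound */
    if (cap_load(&win, &b) && b == 0xAA)   ok |= 2; /* delegated read works */
    if (!cap_store(&win, 0))               ok |= 4; /* store permission dropped */
    if (!wide.tag && !cap_load(&wide, &b)) ok |= 8; /* cannot widen back out */
    return ok;
}
```

The over-long write stops after exactly 16 bytes instead of corrupting whatever follows the buffer, and the component holding the read-only window can neither write through it nor re-derive a wider capability from it.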

To: zeugma

Please translate and tell us if/how CHERI/BERI is better than RISC?


2 posted on 07/16/2014 7:23:28 AM PDT by sr4402

To: sr4402
Please translate and tell us if/how CHERI/BERI is better than RISC?

I would imagine that if they are providing greater security and memory protection for threads that it would be 'better' in that respect. I'll be interested in seeing what the performance of the actual hardware design is, and how straightforward it is to port apps to it. To me, the most important aspect is that it has been fully open sourced. Essentially, anyone with access to a fab could produce this.

Slashdot has an article about this today. It will be an interesting thread to read through.

3 posted on 07/16/2014 7:34:16 AM PDT by zeugma (It is time for us to start playing cowboys and muslims for real now.)

To: ShadowAce; Swordmaker

Thought y’all might be interested


4 posted on 07/16/2014 8:08:29 AM PDT by zeugma (It is time for us to start playing cowboys and muslims for real now.)

To: rdb3; Calvinist_Dark_Lord; JosephW; Only1choice____Freedom; amigatec; Still Thinking; ...

5 posted on 07/16/2014 8:12:35 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
