CHERI: a research platform deconflating hardware virtualization and protection

Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, Ross Anderson, Nirav Dave, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Philip Paeps, Michael Roe, Hassen Saidi

Research output: Contribution to conferencePaperpeer-review

Abstract / Description of output

Contemporary CPU architectures conflate virtualization and protection, imposing virtualization-related performance, programmability, and debuggability penalties on software requiring finegrained protection. First observed in micro kernel research, these problems are increasingly apparent in recent attempts to mitigate software vulnerabilities through application compartmentalisation. Capability Hardware Enhanced RISC Instructions (CHERI) extend RISC ISAs to support greater software compartmentalisation. CHERI’s hybrid capability model provides fine-grained compartmentalisation within address spaces while maintaining software backward compatibility, which will allow the incremental deployment of fine-grained compartmentalisation in both our most trusted and least trustworthy C-language software stacks. We have implemented a 64-bit MIPS research soft core, BERI, as well as a capability coprocessor, and begun adapting commodity software packages (FreeBSD and Chromium) to execute on the platform.
Original languageEnglish
Number of pages8
Publication statusPublished - 3 Mar 2012
EventRuntime Environments, Systems, Layering and Virtualized Environments (RESoLVE) 2012 - London, United Kingdom
Duration: 3 Mar 20123 Mar 2012
Conference number: 2
http://www.dcs.gla.ac.uk/conferences/resolve12/index.html

Workshop

WorkshopRuntime Environments, Systems, Layering and Virtualized Environments (RESoLVE) 2012
Abbreviated titleRESoLVE 2012
Country/TerritoryUnited Kingdom
CityLondon
Period3/03/123/03/12
Internet address

Fingerprint

Dive into the research topics of 'CHERI: a research platform deconflating hardware virtualization and protection'. Together they form a unique fingerprint.

Cite this