Title :
CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization
Author :
Watson, Robert N. M. ; Woodruff, Jonathan ; Neumann, Peter G. ; Moore, Simon W. ; Anderson, Jonathan ; Chisnall, David ; Dave, Nirav ; Davis, Brooks ; Gudka, Khilan ; Laurie, Ben ; Murdoch, Steven J. ; Norton, Robert ; Roe, Michael ; Son, Stacey ; Vadera,
Abstract :
CHERI extends a conventional RISC Instruction-Set Architecture, compiler, and operating system to support fine-grained, capability-based memory protection to mitigate memory-related vulnerabilities in C-language TCBs. We describe how CHERI capabilities can also underpin a hardware-software object-capability model for application compartmentalization that can mitigate broader classes of attack. Prototyped as an extension to the open-source 64-bit BERI RISC FPGA soft-core processor, Free BSD operating system, and LLVM compiler, we demonstrate multiple orders-of-magnitude improvement in scalability, simplified programmability, and resulting tangible security benefits as compared to compartmentalization based on pure Memory-Management Unit (MMU) designs. We evaluate incrementally deployable CHERI-based compartmentalization using several real-world UNIX libraries and applications.
Keywords :
data protection; operating systems (computers); program compilers; reduced instruction set computing; software architecture; C-language TCB; CHERI; LLVM compiler; RISC instruction-set architecture; capability-based memory protection; hardware-software object-capability model; hybrid capability-system architecture; operating system; software compartmentalization; Hardware; Kernel; Libraries; Reduced instruction set computing; Registers; Security; CHERI processor; capability system; computer architecture; memory protection; object capabilities; software compartmentalization;
Conference_Titel :
Security and Privacy (SP), 2015 IEEE Symposium on
Conference_Location :
San Jose, CA
