CHERI - Architectural support for memory protection and compartmentalisation
Dr. Robert N. M. Watson, University of Cambridge
Capability Hardware Enhanced RISC Instructions (CHERI) extend a conventional RISC architecture with support for "capabilities": pointers whose integrity, provenance validity, and monotonicity are protected by the hardware, and which carry protection metadata such as bounds, permissions, and encapsulation. This low-level primitive is a foundation on which a broad range of software protection properties can be built and incrementally deployed: fine-grained, referential memory protection for C/C++-language programs; protection against control-flow attacks such as ROP and JOP; prevention of pointer privilege escalation; granular and efficient in-address-space isolation and software compartmentalisation; and safe interoperation between managed languages and native-code extensions. Prototyped and evaluated through hardware-software co-design on FPGA over seven years with support from DARPA, the CHERI processor runs an extended version of the FreeBSD operating system (CheriBSD) and an extended open-source application stack, and is targeted by an extended version of the Clang/LLVM compiler. This talk will introduce the CHERI approach and describe current software research directions, including recent applications of CHERI's protection primitives to fine-grained software compartmentalisation, to strong pointer and memory protection for the POSIX API and stack, and to enforcing Java's memory-safety and security properties on native code running under JNI.
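To make the three properties named above concrete, the following is an added software model of a CHERI-style capability; it is illustration written for this page, not CHERI ISA, CheriBSD or CHERI-Clang code. Real CHERI keeps the bounds, permissions and a tag bit in hardware registers and traps on a violation; this model keeps them in a plain struct and returns false from the checking functions instead of trapping. All names (cap_t, cap_set_bounds, cap_and_perms, cap_check, cap_model_selftest) and the 32-byte sample buffer are assumptions of the example. It shows that narrowing bounds or dropping permissions is one-way (monotonicity), that a pointer forged from an integer carries no tag and cannot be dereferenced (provenance validity), and that an in-bounds pointer that was narrowed to a 16-byte record cannot reach the bytes after it even though the root capability still can.

```c
/* Software model of a CHERI-style capability (added example, not CHERI code).
 * Hardware keeps this metadata in a tagged register and traps on violation;
 * here the checks are explicit and report false rather than trapping. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { PERM_LOAD = 1, PERM_STORE = 2, PERM_EXECUTE = 4 };

typedef struct {
    bool      tag;     /* provenance validity: false once derived illegally */
    uint8_t   perms;   /* bitmask of PERM_* */
    uintptr_t base;    /* lowest address the capability may touch */
    size_t    length;  /* bytes from base that the capability covers */
    uintptr_t cursor;  /* address currently pointed at (may leave bounds) */
} cap_t;

/* Root capability over a buffer; in CHERI the kernel hands such caps out. */
static cap_t cap_root(void *buf, size_t len, uint8_t perms)
{
    cap_t c = { .tag = true, .perms = perms, .base = (uintptr_t)buf,
                .length = len, .cursor = (uintptr_t)buf };
    return c;
}

/* Narrow bounds to [cursor, cursor + new_len). Monotonic: any attempt to
 * widen yields an untagged (unusable) capability; hardware would trap. */
static cap_t cap_set_bounds(cap_t c, size_t new_len)
{
    cap_t r = c;
    uintptr_t top = c.base + c.length;  /* buffer is our own array: no wrap */
    if (!c.tag || c.cursor < c.base || c.cursor > top || new_len > top - c.cursor)
        r.tag = false;
    r.base = c.cursor;
    r.length = new_len;
    return r;
}

/* Permissions can only be cleared, never added back. */
static cap_t cap_and_perms(cap_t c, uint8_t mask) { c.perms &= mask; return c; }

/* Pointer arithmetic is allowed to go out of bounds; the dereference is
 * what gets refused. */
static cap_t cap_inc_offset(cap_t c, ptrdiff_t delta) { c.cursor += delta; return c; }

/* A pointer forged from an integer has no provenance, hence no tag. */
static cap_t cap_from_integer(uintptr_t addr) { cap_t c = {0}; c.cursor = addr; return c; }

/* Tag, permission and bounds check for a width-byte access at cursor. */
static bool cap_check(cap_t c, uint8_t need, size_t width)
{
    if (!c.tag) return false;
    if ((c.perms & need) != need) return false;
    if (c.cursor < c.base) return false;
    size_t off = c.cursor - c.base;
    return off <= c.length && width <= c.length - off;
}

static bool cap_load8(cap_t c, uint8_t *out)
{
    if (!cap_check(c, PERM_LOAD, 1)) return false;
    *out = *(const uint8_t *)c.cursor;
    return true;
}

static bool cap_store8(cap_t c, uint8_t v)
{
    if (!cap_check(c, PERM_STORE, 1)) return false;
    *(uint8_t *)c.cursor = v;
    return true;
}

/* Returns 0 if every expectation holds, else the number of the failed step. */
int cap_model_selftest(void)
{
    static uint8_t mem[32];                 /* constructed sample memory */
    memset(mem, 0xAA, sizeof mem);
    memcpy(mem + 16, "secret", 6);          /* 16-byte record, then a secret */
    cap_t root = cap_root(mem, sizeof mem, PERM_LOAD | PERM_STORE);
    cap_t rec  = cap_set_bounds(root, 16);  /* what a callee would be handed */
    uint8_t v;
    if (!cap_load8(cap_inc_offset(rec, 15), &v) || v != 0xAA) return 1; /* last record byte ok */
    if (cap_load8(cap_inc_offset(rec, 16), &v)) return 2;               /* secret refused */
    cap_t widened = cap_set_bounds(rec, 32);
    if (widened.tag || cap_load8(cap_inc_offset(widened, 16), &v)) return 3; /* no widening */
    cap_t ro = cap_and_perms(rec, PERM_LOAD);
    if (cap_store8(ro, 0)) return 4;                                    /* store dropped */
    if (cap_store8(cap_and_perms(ro, PERM_LOAD | PERM_STORE), 0)) return 5; /* not regainable */
    if (cap_load8(cap_from_integer((uintptr_t)(mem + 16)), &v)) return 6;   /* forged ptr */
    if (!cap_load8(cap_inc_offset(root, 16), &v) || v != 's') return 7; /* root unaffected */
    return 0;
}

int main(void)
{
    int r = cap_model_selftest();
    printf("capability model self-test: %s (step %d)\n", r ? "FAIL" : "ok", r);
    return r;
}
```

The point of the self-test order is that each derived capability is strictly weaker than the one it came from: a callee given `rec` can be handed pointer arithmetic, narrowing, and permission masks freely, since none of them can produce a capability that reaches the secret, and the only way to address the secret again is to hold the original `root`.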
About the speaker
Dr Robert N. M. Watson is a University Senior Lecturer (Associate Professor) at the University of Cambridge Computer Laboratory, where he works across the areas of security, operating systems, and computer architecture. He led work on the CHERI architecture "from the ISA up", designing the hardware-software security model, and has led the CHERI software development team working on OS support, compiler support, and applications. He also has research interests in network-stack design and OS tracing and profiling tools. In prior industrial research, he developed the MAC Framework used widely for OS kernel access-control extensibility in FreeBSD, Mac OS X, iOS, and Junos. He is a coauthor of The Design and Implementation of the FreeBSD Operating System (Second Edition).

Joint work with: Professor Simon W. Moore, senior member and founder of the University of Cambridge Computer Laboratory's Computer Architecture group, with strong interests in processor design and security. He led work on the CHERI architecture "from the ISA down", leading the hardware team developing CHERI's FPGA-based research platform, microarchitecture, and memory subsystems. He also has research interests in heterogeneous computing and I/O, and substantial prior work in asynchronous circuit design.
Date & Time
Friday, May 11, 2018 - 14:00