CHERI (Capability Hardware Enhanced RISC Instructions) is a capability-based hardware/software research platform from Cambridge University and SRI. CHERI is designed as an architectural mix-in and has been specified in combination with MIPS, RISC-V, and, most recently, ARMv8-A, with Arm’s Morello prototype architecture. Emulators and FPGA realizations are available, with Morello silicon expected late 2021. Capability-aware forks of FreeRTOS, FreeBSD, LLVM, gdb, PostgreSQL, and QT WebKit are available and under active development; further porting efforts, of Linux and gcc especially, are underway. CHERI’s architecture is formally specified and key properties have been proven. Using CHERI’s mechanisms, software can efficiently implement fine-grained, reliable, spatial and temporal memory protection and scalable compartmentalization. Though folklore holds that capability hardware architectures are impractical, CHERI achieves its goals with low overheads and limited disruption to processor (micro)architecture while retaining broad compatibility with C and modern features such as dynamic linkage and thread-local storage. This talk will give an overview of CHERI and the software stacks developed atop it before deep-diving in to the speaker’s ongoing work on providing heap temporal memory safety atop CHERI’s architectural mechanisms.
Please email for a
Dr. Nathaniel “Wes” Filardo is a Senior Researcher at Microsoft Research Cambridge, where he leads the effort to build heap temporal memory safety enforcement atop CHERI. He was previously a postdoctoral research associate under Dr. Robert Watson in the University of Cambridge Computer Lab’s security group. He received a Ph.D. in Computer Science from Johns Hopkins University in 2017 under the supervision of Jason Eisner, and additionally holds B.S. degrees in Computer Science and Physics from Carnegie Mellon University.