CHERI and Morello: Arming systems with hardware-enforced memory safety capabilities

Jessica Clarke

1988 saw the Morris worm exploit a buffer overflow in fingerd, yet 35 years later unsafe C and C++ remain ubiquitous: Microsoft reported in 2019 that around 70% of their vulnerabilities are memory safety errors, and Google reported the same for Chrome in 2020. CHERI is a research project at the University of Cambridge and SRI International, in collaboration with industry, that seeks to address such vulnerabilities at the hardware level. Morello is a prototype architecture, SoC and development board developed by Arm that brings CHERI to a variant of the Armv8.2-A architecture. In this talk I’ll give an overview of how CHERI works, its interactions with C and C++, what software we have running on top of it, and a short demo.