CHERI and Morello: Arming systems with hardware-enforced memory safety capabilities

Jessica Clarke

1988 saw the Morris worm exploit a buffer overflow in fingerd, yet 35 years later unsafe C and C++ remain ubiquitous, with Microsoft reporting in 2019 that around 70% of their vulnerabilities are memory safety errors, and Google reporting the same for Chrome in 2020. CHERI is a research project at the University of Cambridge and SRI International, in collaboration with industry, that seeks to address such vulnerabilities at the hardware level, and Morello is a prototype architecture, SoC and development board developed by Arm that brings CHERI to a variant of the Armv8.2-A architecture. In this talk I’ll give an overview of how CHERI works, its interactions with C and C++, what software we have running on top of it, and a short demo.

Slides: 2023-11-25-MiniDebConfCambridge.pdf
Video: http://meetings-archive.debian.net/pub/debian-meetings/2023/MiniDebConf-Cambridge/cheri-and-morello.webm

DebianEventsgb2023MiniDebConfCambridgeClarke

CHERI and Morello: Arming systems with hardware-enforced memory safety capabilities

DebianEvents
gb
2023
MiniDebConfCambridge
Clarke