Capability Hardware Enhanced RISC Instructions: Difference between revisions

GreenC bot (talk | contribs)
BunnysBot (talk | contribs)
m Fix CW Errors with GenFixes (T1)
The hardware works by giving each reference to any piece of data or system resource its own access rules. This prevents programs from accessing or changing things they should not. It also makes it hard to trick a part of a program into accessing or changing something that it is legitimately able to access, but only at a different time. The same mechanism is used to implement [[privilege separation]], dividing processes into compartments that limit the damage that a bug (security or otherwise) can do.
 
CHERI can be added to many different [[instruction set architecture]]s including [[MIPS architecture|MIPS]], [[AArch64]], and [[RISC-V]], making it usable across a wide range of platforms.
 
Software must be recompiled to gain fine-grained memory-safety benefits from CHERI, but most software requires few (if any) changes to the source code.<ref name="ecosystemviability">{{cite tech report |title=Assessing the Viability of an Open-Source CHERI Desktop Software Ecosystem |author1=Robert N. M. Watson |author2=Ben Laurie |author3=Alex Richardson |date=17 September 2021 |publisher=Capabilities Ltd |url=https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/20210917-capltd-cheri-desktop-report-version1-FINAL.pdf}}</ref> CHERI's importance has been recognised by governments as a way to improve cybersecurity and protect critical systems.<ref name="ONCDReport">{{cite web |date=February 2024 |title=Final ONCD Technical Report |url=https://bidenwhitehouse.archives.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf |access-date=21 January 2025 |website=White House |publisher=Office of the National Cyber Director|archive-url=https://web.archive.org/web/20250118014817/https://www.whitehouse.gov/wp-content/uploads/2024/02/Final-ONCD-Technical-Report.pdf |archive-date=18 January 2025 |url-status=live}}</ref> It is under active development by various business and academic organizations.<ref name="cheri-alliance-launched">{{cite magazine |date=13 November 2024 |title=CHERI Alliance launched |first=David |last=Manners |url=https://www.electronicsweekly.com/news/business/cheri-alliance-launched-2024-11/ |access-date=20 January 2025 |magazine=Electronics Weekly}}</ref>
 
== Background ==
CHERI is a [[Capability-based addressing|capability]] architecture.<ref name=isca /> Early capability architectures, such as the [[CAP computer]] and [[Intel iAPX 432]], demonstrated secure memory management but were hindered by performance overheads and complexity.<ref name="capbook">{{cite book |last=Levy |first=Henry M. |year=1984 |title=Capability-based computer systems |url=https://archive.org/details/capabilitybasedc0000levy |___location=Bedford, Mass. |publisher=Digital Press |isbn=978-1483107400 |access-date=24 January 2025}}</ref> As systems became faster and more complex, vulnerabilities like [[Buffer overflow|buffer overflows]] and [[use-after-free]] errors became widespread. CHERI addresses these challenges with a design intended for modern computing environments. It enforces [[memory safety]] and provides secure sharing and isolation to handle increasing software complexity and combat cyberattacks.
 
== Mechanism ==
 
== Limitations ==
The architecture introduces hardware complexity due to the tag-bit mechanisms and capability checks required for enforcing memory safety. Although optimisations have been implemented to minimise these impacts,<ref name=":1" /> the performance trade-offs vary depending on the specific workload and implementation. Additionally, CHERI requires modifications to both software and hardware ecosystems. Implementations such as Morello allow unmodified binaries to run, but these gain no additional security benefits. Software must be recompiled or adapted to utilise CHERI's capability-based model, and hardware manufacturers must incorporate CHERI extensions into their designs.
 
Standardisation remains an ongoing effort. While initiatives such as the CHERI Alliance<ref>{{Cite web |title=CHERI Alliance – Industry-led security technology |url=https://cheri-alliance.org |access-date=2025-01-27 |website=CHERI Alliance |language=en-US}}</ref> and RISC-V standardisation<ref name=":2" /> aim to establish broader support, the lack of widely accepted industry standards for CHERI features has delayed adoption. Adapting legacy software or retrofitting existing systems to work with CHERI can be challenging, particularly for large and heterogeneous codebases. The difficulty often stems from programming practices used during the software's original development, such as implementing custom memory management, where distinguishing pointers from integers can be particularly problematic.<ref>{{cite journal |author1=Robert N.M. Watson |author2=David Chisnall |author3=Jessica Clarke |author4=Brooks Davis |author5=Nathaniel Wesley Filardo |author6=Ben Laurie |author7=Simon W. Moore |author8=Peter G. Neumann |author9=Alexander Richardson |author10=Peter Sewell |author11=Konrad Witaszczyk |author12=Jonathan Woodruff |title=CHERI: Hardware-Enabled C/C++ Memory Protection at Scale |journal=IEEE Security & Privacy |volume=22 |issue=4 |pages=50–61 |date=July–August 2024|doi=10.1109/MSEC.2024.3396701 }}</ref>
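A software model of the capability mechanism described in the lead and of the pointer-from-integer problem noted above, added here as an illustration and not taken from the CHERI ISA, CheriBSD or any CHERI compiler: each reference carries a validity tag, bounds and permissions; derivation can only narrow them; and a pointer rebuilt from a plain integer loses its tag, so every access through it fails. The names `cap_t`, `cap_derive`, `cap_from_int` and the `PERM_*` bits are invented for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative model of a CHERI-style capability (not the real encoding):
 * the reference itself carries the access rules the hardware enforces. */
#define PERM_LOAD  0x1u
#define PERM_STORE 0x2u

typedef struct {
    bool     tag;     /* validity bit; cleared once the value is treated as an integer */
    uint8_t *base;    /* lowest address the capability authorises */
    size_t   length;  /* number of bytes covered from base */
    uint32_t perms;   /* bitmask of PERM_* rights */
} cap_t;

/* Rebuilding a reference from raw integer data yields an untagged capability:
 * this is why custom allocators that stash pointers in integers are hard to port. */
cap_t cap_from_int(uintptr_t addr) {
    cap_t c = { .tag = false, .base = (uint8_t *)addr, .length = 0, .perms = 0 };
    return c;
}

/* Monotonic derivation: a child may shrink bounds or drop rights, never widen them.
 * Any attempt to widen produces an invalid (untagged) capability. */
cap_t cap_derive(cap_t parent, size_t off, size_t len, uint32_t perms) {
    cap_t c = parent;
    if (!parent.tag || off > parent.length || len > parent.length - off ||
        (perms & ~parent.perms) != 0) {
        c.tag = false;
        return c;
    }
    c.base = parent.base + off;
    c.length = len;
    c.perms = perms;
    return c;
}

/* Checked one-byte load: tag, permission and bounds are all enforced. */
bool cap_load_u8(cap_t c, size_t idx, uint8_t *out) {
    if (!c.tag || !(c.perms & PERM_LOAD) || idx >= c.length) return false;
    *out = c.base[idx];
    return true;
}

/* Checked one-byte store with the same three checks. */
bool cap_store_u8(cap_t c, size_t idx, uint8_t v) {
    if (!c.tag || !(c.perms & PERM_STORE) || idx >= c.length) return false;
    c.base[idx] = v;
    return true;
}
```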
This initiative funded Arm's Morello chip, a ''superset architecture'' designed to evaluate experimental CHERI features for potential production use based on [[AArch64]]. The Morello board was designed to run CheriBSD, as well as custom versions of Android and Linux. At the same time, the Cornucopia<ref>{{cite conference |author1=Nathaniel Wesley Filardo |author2=Brett F. Gutstein |author3=Jonathan Woodruff |author4=Sam Ainsworth |author5=Lucian Paul-Trifu |author6=Brooks Davis |author7=Hongyan Xia |author8=Edward Tomasz Napierala |author9=Alexander Richardson |author10=John Baldwin |author11=David Chisnall |author12=Jessica Clarke |author13=Khilan Gudka |author14=Alexandre Joannou |author15=A. Theodore Markettos |author16=Alfredo Mazzinghi |author17=Robert M. Norton |author18=Michael Roe |author19=Peter Sewell |author20=Stacey Son |author21=Timothy M. Jones |author22=Simon W. Moore |author23=Peter G. Neumann |author24=Robert N. M. Watson |title=Cornucopia: Temporal Safety for CHERI Heaps |book-title=Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland 2020) |___location=San Jose, CA, USA |date=18–20 May 2020 |url=https://www.cl.cam.ac.uk/research/security/ctsrd/pdfs/2020oakland-cornucopia.pdf |doi=10.1109/SP40000.2020.00098}}</ref> project demonstrated that CHERI could enforce both spatial and temporal memory safety, offering deterministic protection against heap object temporal aliasing (roughly, "use-after-free"). The follow-up project, Cornucopia Reloaded,<ref name="cornucopiareloaded" /> showcased efficient temporal safety using page-table features in Morello, in particular, near-negligible pause times for the application making use of revocation.
 
In 2023 Microsoft introduced CHERIoT,<ref name="cheriot" /> a [[RISC-V]] CHERI adaptation optimised for small embedded devices. CHERIoT incorporated ideas from Cornucopia and memory colouring techniques such as SPARC ADI and Arm MTE to enhance security. As part of the UKRI-funded Sunburst project, lowRISC launched the Sonata platform to advance RISC-V-based CHERI development and support standardisation efforts. Both the CHERI RISC-V research work and CHERIoT fed into the standardisation process for an official CHERI family of RISC-V extensions.<ref name=":2">{{cite web |title=CHERI Ratification Plan |url=https://lf-riscv.atlassian.net/wiki/spaces/CTXX/pages/47022116/CHERI+Ratification+Plan |access-date=10 January 2025}}</ref> [[Codasip]] announced that they had RISC-V IP cores with CHERI extensions available to license.<ref>{{cite web |url=https://www.eenewseurope.com/en/codasip-delivers-first-commercial-cheri-processor-using-risc-v/ |publisher=eeNews |access-date=20 January 2025 |title=Codasip delivers first commercial CHERI processor using RISC-V |date=2 November 2023 }}</ref>
 
By 2024 SCI Semiconductors announced ICENI,<ref name=iceni>{{cite web |last1=Flaherty |first1=Nick |date=23 October 2024 |title=First CHERI RISC-V embedded chip and Early Access Programme |url=https://www.eenewseurope.com/en/first-cheri-risc-v-embedded-chip-and-early-access-programme/ |access-date=11 January 2025 |publisher=eeNews Europe}}</ref> a CHERIoT-compatible chip designed specifically for secure embedded systems. Codasip is actively developing a Linux kernel implementation for the RISC-V architecture.<ref>{{cite web |url=https://codasip.com/press-release/2024/10/21/codasip-enables-secure-linux-by-donating-cheri-risc-v-sdk-to-the-cheri-alliance/ |title=Codasip enables secure Linux by donating CHERI RISC-V SDK to the CHERI Alliance |publisher=Codasip |date=21 October 2024 |access-date=20 January 2025}}</ref> The CHERI Alliance, a non-profit organisation based in Cambridge, UK, was established to promote the adoption of CHERI technology and its integration into secure digital products and systems, with Google among its founding members.<ref name="cheri-alliance-launched" />