Capability Hardware Enhanced RISC Instructions: Difference between revisions

OAbot (talk | contribs)
m Open access bot: doi updated in citation with #oabot.
move text from history to background
Line 12:
== Background ==
CHERI is a [[Capability-based addressing|capability]] architecture.<ref name=isca /> Early capability architectures, such as the [[CAP computer]] and [[Intel iAPX 432]], demonstrated secure memory management but were hindered by performance overheads and complexity.<ref name="capbook">{{cite book |last=Levy |first=Henry M. |year=1984 |title=Capability-based computer systems |url=https://archive.org/details/capabilitybasedc0000levy |___location=Bedford, Mass. |publisher=Digital Press |isbn=978-1483107400 |access-date=24 January 2025}}</ref> As systems became faster and more complex, vulnerabilities like [[buffer overflow]]s and [[use-after-free]] errors became widespread. CHERI addresses these challenges with a design intended for modern computing environments. It enforces [[memory safety]] and provides secure sharing and isolation to handle increasing software complexity and combat cyberattacks.
 
In the 1970s and 1980s early capability architectures such as the [[CAP computer]] (developed at the University of Cambridge) and the [[Intel iAPX 432]] demonstrated strong security properties. These systems relied on indirection tables to manage capabilities, introducing performance bottlenecks as memory access required multiple lookups. While this approach worked when processors were slow and memory was fast, it became impractical by the mid-1980s as processors became faster and memory access times lagged behind.<ref name="capbook" />
 
In 2010 DARPA launched the Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) programme,<ref>{{cite web |year=2010 |title=CRASH: Clean-slate design of Resilient, Adaptive, Secure Hosts |url=https://www.darpa.mil/research/programs/clean-slate-design-of-resilient-adaptive-secure-hosts |access-date=18 January 2025 |publisher=DARPA}}</ref><ref>{{cite web |date=21 December 2012 |title=DARPA's CRASH Program Reinvents The Computer For Better Security |url=https://breakingdefense.com/2012/12/darpa-crash-program-seeks-to-reinvent-computers-for-better-secur/ |access-date=18 January 2025 |publisher=Breaking Defence}}</ref> which tasked participants with redesigning computer systems to improve security. [[SRI International]] and [[University of Cambridge]] team revisited capability architectures, seeking to address memory safety challenges inherent in conventional designs.
 
== Mechanism ==
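Review bot: the two paragraphs moved into Background (the "In the 1970s and 1980s..." and "In 2010 DARPA launched..." paragraphs) repeat what the section's opening paragraph already says about the [[CAP computer]], the [[Intel iAPX 432]] and their performance overheads, so the same CAP/iAPX 432 story is now told twice in consecutive paragraphs; consider folding the indirection-table detail into the opening paragraph or trimming the opener to a single sentence that hands off to the moved text. Separately, "[[SRI International]] and [[University of Cambridge]] team revisited capability architectures" is missing an article; suggest "A team from [[SRI International]] and the [[University of Cambridge]] revisited capability architectures".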
Line 40 ⟶ 44:
 
== History ==
In the 1970s and 1980s early capability architectures such as the [[CAP computer]] (developed at the University of Cambridge) and the [[Intel iAPX 432]] demonstrated strong security properties. These systems relied on indirection tables to manage capabilities, introducing performance bottlenecks as memory access required multiple lookups. While this approach worked when processors were slow and memory was fast, it became impractical by the mid-1980s as processors became faster and memory access times lagged behind.<ref name="capbook" />
 
In 2010 DARPA launched the Clean-slate design of Resilient, Adaptive, Secure Hosts (CRASH) programme,<ref>{{cite web |year=2010 |title=CRASH: Clean-slate design of Resilient, Adaptive, Secure Hosts |url=https://www.darpa.mil/research/programs/clean-slate-design-of-resilient-adaptive-secure-hosts |access-date=18 January 2025 |publisher=DARPA}}</ref><ref>{{cite web |date=21 December 2012 |title=DARPA's CRASH Program Reinvents The Computer For Better Security |url=https://breakingdefense.com/2012/12/darpa-crash-program-seeks-to-reinvent-computers-for-better-secur/ |access-date=18 January 2025 |publisher=Breaking Defence}}</ref> which tasked participants with redesigning computer systems to improve security. [[SRI International]] and [[University of Cambridge]] team revisited capability architectures, seeking to address memory safety challenges inherent in conventional designs.
 
By 2012 early CHERI prototypes were presented,<ref>{{cite conference |author1=Robert N.M. Watson |author2=Peter G. Neumann |author3=Jonathan Woodruff |author4=Jonathan Anderson |author5=Ross Anderson |author6=Nirav Dave |author7=Ben Laurie |author8=Simon W. Moore |author9=Steven J. Murdoch |author10=Philip Paeps |author11=Michael Roe |author12=Hassen Saidi |title=CHERI: a research platform deconflating hardware virtualization and protection |conference=Workshop on Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE 2012) |date=2 March 2012 |url=https://www.cl.cam.ac.uk/~rnw24/papers/201203-resolve-cheri.pdf}}</ref> These prototypes ran a microkernel with hand-written assembly for manipulating capabilities. CHERI was designed to be easy to implement on modern superscalar pipelined architectures. Unlike earlier capability systems, CHERI eliminated the need for indirection tables,<ref name="isca">{{cite conference |author1=Jonathan Woodruff |author2=Robert N. M. Watson |author3=David Chisnall |author4=Simon W. Moore |author5=Jonathan Anderson |author6=Brooks Davis |author7=Ben Laurie |author8=Peter G. Neumann |author9=Robert Norton |author10=Michael Roe |title=The CHERI capability model: Revisiting RISC in an age of risk |conference=2014 ACM/IEEE 41st International Symposium on Computer Architecture (ISCA) |___location=Minneapolis, MN, USA |date=2014 |pages=457–468 |doi=10.1109/ISCA.2014.6853201}}</ref> avoiding the associated performance issues and proving that modern capability architectures could be efficiently implemented.
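Review bot: with the 1970s and 2010 paragraphs moved out, History now opens at "By 2012 early CHERI prototypes were presented," with nothing in the section setting up that date, so a short lead-in pointing back to the CRASH programme described in Background would keep the section self-contained. In the same line the comma before the citation should be a full stop, because "These prototypes ran a microkernel..." begins a new sentence: "were presented.<ref>...</ref> These prototypes". Also note that the full <ref name="isca"> definition stays here while Background now uses <ref name=isca /> before it; MediaWiki resolves that, but moving the full definition to the first use in Background avoids a dangling reference if this History paragraph is later edited or removed.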