Capability Hardware Enhanced RISC Instructions: Difference between revisions

This metadata is stored inline, alongside the address, in the computer's memory and protected by a [[Tagged architecture|tag bit]], which the hardware clears if the capability's bytes are overwritten by ordinary data stores, so that a corrupted or forged capability can no longer be used to access memory. The metadata tells the processor which range of memory may be reached through a particular pointer and whether that pointer may be used to read, write or execute it. This allows CHERI systems to catch an access that falls outside the bounds of the object the pointer was derived from. Because the metadata travels with the value used to access memory rather than being attached to the memory being accessed (in contrast to a [[memory management unit]], whose page permissions apply equally to every pointer in the process), the hardware also catches the case where a program reaches memory it ''is'' entitled to access, such as an adjacent heap object, through a pointer that was only meant to reach a ''different'' object.
 
Implementations of CHERI systems also include modifications to the default [[Memory management|memory allocator]]. A memory allocator hands out ranges of addresses that the program then treats as objects. On a CHERI system it must also communicate that information to the hardware, by setting the bounds of the pointer (represented by a CHERI capability) that it returns so that they cover the allocated object and no more than the bounds encoding forces.<ref>{{Cite conference |last1=Bramley |first1=Jacob |last2=Jacob |first2=Dejice |last3=Lascu |first3=Andrei |last4=Singer |first4=Jeremy |last5=Tratt |first5=Laurence |title=Picking a CHERI Allocator: Security and Performance Considerations |date=6 June 2023 |book-title=Proceedings of the 2023 ACM SIGPLAN International Symposium on Memory Management |url=https://eprints.gla.ac.uk/297961/1/297961.pdf |series=ISMM 2023 |___location=New York, NY, USA |publisher=Association for Computing Machinery |pages=111–123 |doi=10.1145/3591195.3595278 |isbn=979-8-4007-0179-5}}</ref> It may also enforce the object's ''lifetime'': when an object is freed, the allocator can arrange for every capability that still refers to it to be invalidated before the memory is reused, preventing use-after-free and use-after-reallocation bugs.<ref name="cornucopiareloaded">{{cite conference |author1=Nathaniel Wesley Filardo |author2=Brett F. Gutstein |author3=Jonathan Woodruff |author4=Jessica Clarke |author5=Peter Rugg |author6=Brooks Davis |author7=Mark Johnston |author8=Robert Norton |author9=David Chisnall |author10=Simon W. Moore |author11=Peter G. Neumann |author12=Robert N. M. Watson |date=2024 |title=Cornucopia Reloaded: Load Barriers for CHERI Heap Temporal Safety |book-title=Proceedings of the 29th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Volume 2 (ASPLOS '24) |volume=2 |publisher=Association for Computing Machinery |___location=New York, NY, USA |pages=251–268 |doi=10.1145/3620665.3640416 |url=https://doi.org/10.1145/3620665.3640416}}</ref><ref name="cheriot">{{cite conference |author1=Saar Amar |author2=David Chisnall |author3=Tony Chen |author4=Nathaniel Wesley Filardo |author5=Ben Laurie |author6=Kunyan Liu |author7=Robert Norton |author8=Simon W. Moore |author9=Yucong Tao |author10=Robert N. M. Watson |author11=Hongyan Xia |date=2023 |title=CHERIoT: Complete Memory Safety for Embedded Devices |book-title=Proceedings of the 56th Annual IEEE/ACM International Symposium on Microarchitecture (MICRO '23) |publisher=Association for Computing Machinery |___location=New York, NY, USA |pages=641–653 |doi=10.1145/3613424.3614266 |url=https://doi.org/10.1145/3613424.3614266|doi-access=free }}</ref><ref name="pdp11">{{cite conference |author1=David Chisnall |author2=Colin Rothwell |author3=Robert N.M. Watson |author4=Jonathan Woodruff |author5=Munraj Vadera |author6=Simon W. Moore |author7=Michael Roe |author8=Brooks Davis |author9=Peter G. Neumann |date=2015 |title=Beyond the PDP-11: Architectural Support for a Memory-Safe C Abstract Machine |book-title=Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS '15) |publisher=Association for Computing Machinery |___location=New York, NY, USA |pages=117–130 |doi=10.1145/2694344.2694367 |url=https://doi.org/10.1145/2694344.2694367|url-access=subscription }}</ref>
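The two mechanisms described above, the per-dereference check that consults the pointer's own metadata and the allocator that sets bounds on what it hands out and revokes capabilities to freed memory, as a software model in C. This is an illustration added here, not CHERI's capability encoding, the CHERI compiler's intrinsics, or code from any of the cited papers; its "memory" is a small array, addresses are offsets into it, and the bump allocator and revocation sweep are deliberate simplifications of what the hardware and a real allocator do.

```c
/* Software model of a CHERI capability and of the checks the hardware makes
 * on every dereference. Added illustration only: not the CHERI encoding and
 * not the CHERI compiler intrinsics. "Memory" is a small array and addresses
 * are offsets into it. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PERM_LOAD  1u
#define PERM_STORE 2u

typedef struct {
    uintptr_t base;   /* lowest address the capability authorises */
    size_t    length; /* size in bytes of the authorised range */
    uintptr_t addr;   /* cursor: the address an access actually uses */
    unsigned  perms;  /* PERM_* bits */
    bool      tag;    /* validity bit; once cleared the value is just an integer */
} cap_t;

static unsigned char mem[256];  /* stand-in for data memory */
static uintptr_t heap_top;      /* state of a toy bump allocator */

/* The allocator's extra duty on CHERI: the returned capability's bounds are
 * set to the object handed out, so the hardware learns the object's extent. */
cap_t cap_malloc(size_t n)
{
    cap_t c = { heap_top, n, heap_top, PERM_LOAD | PERM_STORE, true };
    heap_top += n;
    return c;
}

/* Pointer arithmetic moves the cursor only; base and length are untouched. */
cap_t cap_add(cap_t c, ptrdiff_t delta) { c.addr += delta; return c; }

/* The per-access check: tag, permission, bounds. It consults only the
 * capability, never any property of the memory being touched. */
static bool cap_check(cap_t c, unsigned perm, size_t width)
{
    size_t off = c.addr - c.base;   /* unsigned: a cursor below base becomes huge */
    return c.tag && (c.perms & perm) && c.addr >= c.base &&
           off < c.length && c.length - off >= width &&
           c.base + c.length <= sizeof mem;
}

/* A false return stands for the hardware trap a real CHERI core would raise. */
bool cap_load8(cap_t c, uint8_t *out)
{
    if (!cap_check(c, PERM_LOAD, 1)) return false;
    *out = mem[c.addr];
    return true;
}

bool cap_store8(cap_t c, uint8_t v)
{
    if (!cap_check(c, PERM_STORE, 1)) return false;
    mem[c.addr] = v;
    return true;
}

/* Temporal safety in the style of a revoking allocator: before a freed range
 * is reused, every capability whose base lies in it has its tag cleared.
 * Cornucopia finds them by sweeping all capability-holding memory; here the
 * caller's array stands in for that memory. */
void cap_free_and_revoke(cap_t freed, cap_t *live, size_t nlive)
{
    for (size_t i = 0; i < nlive; i++)
        if (live[i].base >= freed.base && live[i].base < freed.base + freed.length)
            live[i].tag = false;
}

/* One-byte overrun from a into the adjacent b. Both buffers belong to the
 * program, so an MMU would permit the write; the capability for a does not. */
bool demo_spatial(void)
{
    heap_top = 0;
    cap_t a = cap_malloc(16), b = cap_malloc(16);
    bool overrun_blocked = !cap_store8(cap_add(a, 16), 0x41);  /* a[16] is b[0] */
    uint8_t v;
    bool b_usable = cap_store8(b, 0x42) && cap_load8(b, &v) && v == 0x42;
    return overrun_blocked && b_usable;
}

/* Use after free: a stale copy of a freed pointer cannot read the memory
 * even after the allocator has reused the range for a fresh object. */
bool demo_temporal(void)
{
    heap_top = 0;
    cap_t caps[2];
    caps[0] = cap_malloc(32);
    caps[1] = caps[0];                      /* a copy kept in some data structure */
    cap_free_and_revoke(caps[0], caps, 2);
    heap_top = 0;                           /* allocator reuses the range */
    cap_t fresh = cap_malloc(32);
    uint8_t v;
    return !cap_load8(caps[1], &v) && cap_load8(fresh, &v);
}

int main(void)
{
    printf("spatial overrun caught: %d, stale pointer caught: %d\n",
           demo_spatial(), demo_temporal());
    return 0;
}
```

The point to take from the model is where the checks look: `cap_check` inspects only the capability's own fields, which is why the overrun into `b` fails although `b` is perfectly accessible through its own capability, and why a real MMU, which keys permissions on the target page, cannot make the same distinction.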
 
Depending on the context, CHERI systems can be used to back compiler-level memory-safety checks with hardware enforcement, to build [[Trusted execution environment|secure enclaves]],<ref>{{Cite conference |last1=Van Strydonck |first1=Thomas |last2=Noorman |first2=Job |last3=Jackson |first3=Jennifer |last4=Alves Dias |first4=Leonardo |last5=Vanderstraeten |first5=Robin |last6=Oswald |first6=David |last7=Piessens |first7=Frank |last8=Devriese |first8=Dominique |title=CHERI-TrEE: Flexible enclaves on capability machines |date=1 July 2023 |conference=2023 IEEE 8th European Symposium on Security and Privacy (EuroS&P) |url=https://lirias.kuleuven.be/retrieve/715646/ |publisher=IEEE |pages=1143–1159 |doi=10.1109/EuroSP57164.2023.00070 |isbn=978-1-6654-6512-0|url-access=subscription }}</ref> or to extend existing instruction set architectures, as has been done for MIPS, RISC-V and, in Arm's Morello prototype, AArch64. A 2020 analysis by Microsoft's Security Response Center found that CHERI's protections would have deterministically mitigated over 70% of the memory-safety vulnerabilities the company addressed in 2019.<ref>{{Cite web |title=Security Analysis of CHERI ISA |website=Microsoft Security Response Center blog |url=https://msrc.microsoft.com/blog/2020/10/security-analysis-of-cheri-isa/ |access-date=21 January 2025}}</ref> CHERI architectures are also designed to be backward compatible with existing programming languages such as C and C++: a study by University of Cambridge researchers found that porting six million lines of C and C++ code to CHERI required changes to 0.026% of the lines of code.<ref name="ecosystemviability" />