Content deleted Content added
Guy Harris (talk | contribs) Point to the Wayback Machine copy of the paper at its "archived Biden administration site" ___location. |
m Open access bot: doi updated in citation with #oabot. |
||
Line 26:
The architecture introduces hardware complexity due to the tag-bit mechanisms and capability checks required for enforcing memory safety. Although optimisations have been implemented to minimise these impacts,<ref name=":1" /> the performance trade-offs can vary depending on specific workloads and specific implementations. Additionally, CHERI requires modifications to both software and hardware ecosystems. Implementations such as Morello allow unmodified binaries to run but these do not get any additional security benefits. Software must be recompiled or adapted to utilise CHERI's capability-based model, and hardware manufacturers must incorporate CHERI extensions into their designs.
Standardisation remains an ongoing effort. While initiatives such as the CHERI Alliance<ref>{{Cite web |title=CHERI Alliance – Industry-led security technology |url=https://cheri-alliance.org |access-date=2025-01-27 |website=CHERI Alliance |language=en-US}}</ref> and RISC-V standardisation<ref name=":2" /> aim to establish broader support, the lack of widely accepted industry standards for CHERI features have delayed adoption. Adapting legacy software or retrofitting existing systems to work with CHERI can be challenging, particularly for large and heterogeneous codebases. The difficulty often stems from programming practices used during the software's original development, such as implementing custom memory management, where identifying pointers from integers can be particularly problematic.<ref>{{cite journal |author1=Robert N.M. Watson |author2=David Chisnall |author3=Jessica Clarke |author4=Brooks Davis |author5=Nathaniel Wesley Filardo |author6=Ben Laurie |author7=Simon W. Moore |author8=Peter G. Neumann |author9=Alexander Richardson |author10=Peter Sewell |author11=Konrad Witaszczyk |author12=Jonathan Woodruff |title=CHERI: Hardware-Enabled C/C++ Memory Protection at Scale |journal=IEEE Security & Privacy |volume=22 |issue=4 |pages=50–61 |date=July–August 2024|doi=10.1109/MSEC.2024.3396701 |doi-access=free }}</ref>
== CHERI implementations ==
| |||