CHERI: Architectural Support for Memory Protection and Software Compartmentalization


CHERI is a processor architecture protection model enabling fine-grained C/C++ memory protection and scalable software compartmentalization. CHERI hybridizes conventional processor, instruction-set, and software designs with an architectural capability model. Originating in DARPA's CRASH research program in 2010, the work has progressed from FPGA prototypes to the recently released Arm Morello prototype processor and SoC implementing CHERI principles, and to Microsoft's CHERIoT microcontroller. This talk will introduce the design principles of CHERI, explain how software works on the platform, and explore the large-scale evaluation case studies based on tens of millions of lines of open-source code. It will conclude by exploring future research directions as well as the in-progress transition into industrial use.
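To make the "architectural capability model" concrete, the following is an added example (not code from the talk, from CHERI, or from any CHERI implementation): a small software model, in plain C, of the checks a CHERI-style capability carries and that the hardware applies on every dereference. The `cap_t` struct, the `cap_*` helper names, and the permission bits are assumptions chosen for illustration and do not reflect the real capability encoding or instruction names; the 24-byte buffer with a "secret" after it is constructed input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Illustrative software model of a CHERI-style capability (assumed layout,
 * not the ISA encoding): a pointer that carries bounds, permissions and a
 * validity tag that is cleared by any operation that would widen authority. */
enum { PERM_LOAD = 1u << 0, PERM_STORE = 1u << 1 };

typedef struct {
    bool     tag;     /* valid capability? cleared on invalid manipulation */
    uint8_t *base;    /* lowest in-bounds address */
    size_t   length;  /* number of in-bounds bytes from base */
    size_t   offset;  /* cursor relative to base (may point out of bounds) */
    unsigned perms;   /* PERM_* bits */
} cap_t;

/* Root capability over a region, as the loader/kernel would hand out. */
static cap_t cap_root(void *buf, size_t len, unsigned perms) {
    cap_t c = { .tag = true, .base = buf, .length = len, .offset = 0, .perms = perms };
    return c;
}

/* Derive a narrower capability starting at the cursor (like CSetBounds).
 * Monotonicity: requesting more than the parent covers yields an untagged,
 * unusable capability rather than a wider one. */
static cap_t cap_setbounds(cap_t c, size_t new_len) {
    cap_t d = c;
    if (!c.tag || c.offset > c.length || new_len > c.length - c.offset) {
        d.tag = false;
        return d;
    }
    d.base = c.base + c.offset;
    d.length = new_len;
    d.offset = 0;
    return d;
}

/* Drop permissions (like CAndPerm); permissions can never be added back. */
static cap_t cap_andperm(cap_t c, unsigned mask) {
    c.perms &= mask;
    return c;
}

/* Pointer arithmetic is allowed to leave the bounds... */
static cap_t cap_incoffset(cap_t c, size_t delta) {
    c.offset += delta;
    return c;  /* ...but dereferencing the result is checked (below). */
}

/* The check applied on every load/store: tag, permission, then bounds. */
static bool cap_check(const cap_t *c, unsigned need, size_t width) {
    if (!c->tag) return false;
    if ((c->perms & need) != need) return false;
    if (c->offset > c->length || width > c->length - c->offset) return false;
    return true;
}

/* Return -1 where real hardware would raise a capability exception. */
static int cap_load8(cap_t c, uint8_t *out) {
    if (!cap_check(&c, PERM_LOAD, 1)) return -1;
    *out = c.base[c.offset];
    return 0;
}

static int cap_store8(cap_t c, uint8_t v) {
    if (!cap_check(&c, PERM_STORE, 1)) return -1;
    c.base[c.offset] = v;
    return 0;
}

/* Constructed scenario: an 8-byte buffer followed in memory by a 16-byte
 * "secret". With a raw pointer, buf[8] silently reads the secret; with a
 * capability bounded to the buffer the same access is rejected.
 * Returns 0 when every check behaves as expected, else the failing step. */
static int demo(void) {
    uint8_t mem[24];
    memset(mem, 0, 8);
    memset(mem + 8, 'S', 16);                       /* the "secret" */
    cap_t root = cap_root(mem, sizeof mem, PERM_LOAD | PERM_STORE);
    cap_t buf  = cap_setbounds(root, 8);            /* like char buf[8] */
    cap_t ro   = cap_andperm(buf, PERM_LOAD);       /* read-only view */
    uint8_t v;
    if (cap_load8(cap_incoffset(buf, 7), &v) != 0) return 1;  /* last in-bounds byte */
    if (cap_load8(cap_incoffset(buf, 8), &v) == 0) return 2;  /* one-past overread caught */
    if (cap_store8(cap_incoffset(ro, 0), 1) == 0)  return 3;  /* missing store perm caught */
    if (cap_setbounds(buf, 16).tag)                 return 4;  /* widening caught */
    if (mem[8] != 'S')                              return 5;  /* secret untouched */
    return 0;
}

int main(void) {
    int r = demo();
    printf("capability model demo: %s (%d)\n", r == 0 ? "all checks enforced" : "FAILED", r);
    return r;
}
```

The point of the model is the ordering of authority: bounds and permissions can only shrink as capabilities are derived, and every dereference is checked against them, which is what lets a compiler give each C object its own capability and a kernel hand a compartment only the capabilities it needs.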


Robert Watson is a professor in systems, security, and architecture at the University of Cambridge Computer Laboratory. He is involved in several research groups at the lab, including Security, Networks and Operating Systems, and Computer Architecture. He leads a number of cross-layer research projects spanning computer architecture, compilers, program analysis, program transformation, operating systems, networking, and security. He has strong interests in open-source software, is on the board of directors of the FreeBSD Foundation, and has contributed extensively to the FreeBSD Project. He is a coauthor of The Design and Implementation of the FreeBSD Operating System (second edition), published by Pearson.

License: CC-3.0
Submitted by Amy Karns on