Related papers: Case Study: Securing MMU-less Linux Using CHERI

200 papers

Existing high-end embedded systems face frequent security attacks. Software compartmentalization is one technique to limit the attacks' effects to the compromised compartment and not the entire system. Unfortunately, the existing…

CHERI (Capability Hardware Enhanced RISC Instructions) is a novel hardware designed to address memory safety issues. By replacing traditional pointers with hardware capabilities, it enhances security in modern software systems. A Virtual…

Programming Languages · Computer Science 2026-03-09 Hanhaotian Liu, Tetsuro Yamazaki, Tomoharu Ugawa

Protecting data in memory from attackers continues to be a concern in computing systems. CHERI is a promising approach to achieve such protection, by providing and enforcing fine-grained memory protection directly in the hardware. Creating…

Up to 10% of memory-safety vulnerabilities in languages like C and C++ stem from uninitialized variables. This work addresses the prevalence and lack of adequate software mitigations for uninitialized memory issues, proposing architectural…

Cryptography and Security · Computer Science 2025-10-14 Merve Gülmez, Håkan Englund, Jan Tobias Mühlberg, Thomas Nyman

The widespread deployment of embedded systems in critical infrastructures, interconnected edge devices like autonomous drones, and smart industrial systems requires robust security measures. Compromised systems increase the risks of…

Emerging Technologies · Computer Science 2025-07-08 Donato Ferraro, Andrea Bastoni, Alexander Zuepke, Andrea Marongiu

Memory corruption attacks have been prevalent in software for a long time. Some mitigation strategies against these attacks do exist, but they are not as far-reaching or as efficient as the CHERI architecture. CHERI uses capabilities to…

Cryptography and Security · Computer Science 2026-01-28 Dariy Guzairov, Alex Potanin, Stephen Kell, Alwen Tiu

A digital security-by-design computer architecture, like CHERI, lets you program without fear of buffer overflows or other memory safety errors, but CHERI also rewrites some of the assumptions about how C works and how fundamental types…

Cryptography and Security · Computer Science 2025-07-01 Maysara Alhindi, Joseph Hallett

While the CHERI instruction-set architecture extensions for capabilities enable strong spatial memory safety, CHERI lacks built-in temporal safety, particularly for heap allocations. Prior attempts to augment CHERI with temporal safety fall…

Cryptography and Security · Computer Science 2026-02-11 Merve Gülmez, Ruben Sturm, Hossam ElAtali, Håkan Englund, Jonathan Woodruff, N. Asokan, Thomas Nyman

Memory-unsafe programming languages such as C and C++ are the preferred languages for systems programming, embedded systems, and performance-critical applications. The widespread use of these languages makes the risk of memory-related…

Cryptography and Security · Computer Science 2024-07-09 Sacha Ruchlejmer

Isolating sensitive state and data can increase the security and robustness of many applications. Examples include protecting cryptographic keys against exploits like OpenSSL's Heartbleed bug or protecting a language runtime from native…

Cryptography and Security · Computer Science 2019-06-05 Anjo Vahldiek-Oberwagner, Eslam Elnikety, Nuno O. Duarte, Michael Sammler, Peter Druschel, Deepak Garg

Several open-source memory allocators have been ported to CHERI, a hardware capability platform. In this paper we examine the security and performance of these allocators when run under CheriBSD on Arm's experimental Morello platform. We…

Software Engineering · Computer Science 2023-05-16 Jacob Bramley, Dejice Jacob, Andrei Lascu, Jeremy Singer, Laurence Tratt

Compartmentalization is a form of defensive software design in which an application is broken down into isolated but communicating components. Retrofitting compartmentalization into existing applications is often thought to be expensive…

Cryptography and Security · Computer Science 2023-09-22 John Alistair Kressel, Hugo Lefeuvre, Pierre Olivier

Capability machines such as CHERI provide memory capabilities that can be used by compilers to provide security benefits for compiled code (e.g., memory safety). The existing C to CHERI compiler, for example, achieves memory safety by…

Programming Languages · Computer Science 2021-05-05 Akram El-Korashy, Stelios Tsampas, Marco Patrignani, Dominique Devriese, Deepak Garg, Frank Piessens

In this work we present the Secure Machine, SeM for short, a CPU architecture extension for secure computing. SeM uses a small amount of in-chip additional hardware that monitors key communication channels inside the CPU chip, and only acts…

Cryptography and Security · Computer Science 2018-03-13 Ofir Shwartz, Yitzhak Birk

Transient execution side-channel attacks, such as Spectre, have been shown to break almost all isolation primitives. We introduce a new security property we call relaxed microarchitectural isolation (RMI) that allows sensitive programs that…

Cryptography and Security · Computer Science 2025-02-10 Jules Drean, Miguel Gomez-Garcia, Fisher Jepsen, Thomas Bourgeat, Srinivas Devadas

In this paper, we present PoisonCap: scalable temporal safety with strict use-after-free protection and initialisation safety for CHERI systems. Efficient memory safety is an increasing priority for programming languages, operating systems,…

Software control flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise…

Cryptography and Security · Computer Science 2019-12-10 Rémi Denis-Courmont, Hans Liljestrand, Carlos Chinea, Jan-Erik Ekberg

A substantial body of research has focused on formalising what constitutes a "secure" messaging system, recognising that end-to-end encryption alone is insufficient to capture the full range of security, privacy, and usability properties…

Cryptography and Security · Computer Science 2026-03-24 Hamish Alsop, Leandros Maglaras, Naghmeh Moradpoor

The kernels of operating systems such as Windows, Linux, and MacOS are vulnerable to control-flow hijacking. Defenses exist, but many require efficient intra-address-space isolation. Execute-only memory, for example, requires read…

Cryptography and Security · Computer Science 2021-08-04 Spyridoula Gravani, Mohammad Hedayati, John Criswell, Michael L. Scott

With the alarming rate of security advisories and privacy concerns on connected devices, there is an urgent need for strong isolation guarantees in resource-constrained devices that demand very lightweight solutions. However, the status quo…

Operating Systems · Computer Science 2020-04-13 Zahra Tarkhani, Anil Madhavapeddy