CHERI Architecture Enforces Memory Safety in Hardware
A U.K. government official on Tuesday touted the potential of a processor designed to prevent memory-based cyberattacks even as he acknowledged commercial hurdles to its widespread adoption.
Designed with backing from the U.K. and U.S. governments, Capability Hardware Enhanced RISC Instructions – CHERI for short – gives “fine-grained memory protection and scalable software compartmentalization,” according to a 2021 paper by CHERI researchers.
“Rather than letting a software user find ways of it not get attacked, CHERI attempts to reduce the attack surface,” said John Goodacre, director of the U.K. government’s Digital Security by Design initiative, during a keynote address at Infosec Europe (see: Memory Safety by Design: How Emerging Hardware Blocks Bugs).
“The idea is: If we change how a computer accesses memory, then we fix the billions and billions of people having to come to be liable for their software,” he said. One commonly touted figure is that about 7 in 10 cyberattacks are traceable to memory-safety issues.
Multiple governments are urging the IT industry to take measures to close off memory attacks, including switching from C/C++ programming languages to memory-safe languages such as Rust (see: Breach Roundup: White House Calls for Memory-Safe Languages).
An industry switch to CHERI wouldn’t require reprogramming entire code libraries to be memory-safe, said Peter Neumann, a computer scientist who’s a principal designer of the architecture.
CHERI “prevents you from executing anything that is not in the [software] stack,” he told Information Security Media Group in a brief interview. CHERI controls the creation of memory pointers by software, enforcing boundaries and authorized use, he said. Existing C libraries do need to be recompiled to function on the architecture, he said, but existing conversions show that only about 2% of the code needs to be modified.
Neumann also said the architecture’s name is a slight misnomer – although first designed for the RISC architecture, researchers have tested x86 implementations. “It’s painful, but it works,” he said.
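To make concrete the description above of CHERI controlling pointer creation and enforcing boundaries and authorized use, here is an added example that is not from the article or the CHERI project: a simplified software model of a bounded, permissioned pointer. The type `cap_t`, the `PERM_*` bits and every function name are assumptions made for illustration; real CHERI hardware performs these checks in the processor on a compressed, tagged pointer format.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Illustrative model only: field and function names are hypothetical. */
enum { PERM_LOAD = 1, PERM_STORE = 2 };
typedef struct {
    uint8_t *base;   /* lowest address the holder may touch */
    size_t   length; /* bytes addressable from base */
    size_t   offset; /* cursor relative to base */
    unsigned perms;  /* PERM_* bits */
    bool     tag;    /* validity bit, false after an illegal derivation */
} cap_t;

/* Root capability for a buffer: the one place bounds are created. */
cap_t cap_root(uint8_t *buf, size_t len, unsigned perms) {
    return (cap_t){ buf, len, 0, perms, true };
}

/* Derivation is monotonic: bounds and permissions may shrink, never grow.
 * A request that would widen either yields an invalid (untagged) value. */
cap_t cap_narrow(cap_t c, size_t start, size_t len, unsigned perms) {
    if (!c.tag || start > c.length || len > c.length - start || (perms & ~c.perms))
        return (cap_t){ NULL, 0, 0, 0, false };
    return (cap_t){ c.base + start, len, 0, perms, true };
}

/* Pointer arithmetic only moves the cursor; the check happens at use. */
cap_t cap_add(cap_t c, ptrdiff_t delta) {
    c.offset += (size_t)delta;
    return c;
}

/* Checked dereference: NULL stands in for the hardware exception. */
uint8_t *cap_deref(cap_t c, unsigned need) {
    if (!c.tag || (c.perms & need) != need || c.offset >= c.length)
        return NULL;
    return c.base + c.offset;
}

/* Constructed scenario: an 8-byte field followed by adjacent data in one
 * 16-byte allocation. Attempts 12 sequential writes through a capability
 * narrowed to the field and returns how many were permitted. */
int demo_linear_overflow(uint8_t heap[16]) {
    cap_t root  = cap_root(heap, 16, PERM_LOAD | PERM_STORE);
    cap_t field = cap_narrow(root, 0, 8, PERM_STORE);
    int written = 0;
    for (int i = 0; i < 12; i++) {
        uint8_t *p = cap_deref(cap_add(field, i), PERM_STORE);
        if (p) { *p = 0x41; written++; }
    }
    return written;
}
```

The overflow loop is the same code an unmodified C routine would run; what changes is that the pointer it receives carries its own bounds, so the writes past the field fail instead of corrupting the adjacent bytes.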
Despite the chip’s advantages, Goodacre told conference goers a key challenge has been scaling up the project commercially, which requires companies to update their existing operating system and software applications. British semiconductor manufacturer Arm in early 2022 made demonstration boards using the CHERI architecture.
“We’re getting a lot of positive feedback,” Richard Grisenthwaite, chief architect and fellow at Arm, told a U.K. parliamentary committee in April. “People are looking at how this could be commercially deployed, but at the moment, we’re not at that stage.”
A major hurdle, Microsoft said in a 2022 blog post, is the recompiling requirement. “No one wants to modify their code (potentially in invasive ways) to support an architecture with no industrial traction and no one wants to ship an [instruction set architecture] with no software.”
German processor design company Codasip appears to be the only company offering a commercial CHERI solution. It began licensing RISC-V chips with CHERI in October.