This document discusses the CHERI architecture and software model. It begins by thanking DARPA for over 9 years of funding for CHERI research, involving over 140 researcher years. It then provides a high-level introduction to the CHERI architectural model that underpins the Arm Morello board and how software works on CHERI, protecting memory at the language and language runtime levels. Finally, it discusses extending the CHERI software stack to support further research and development involving the Morello consortium and other partners.
1. Approved for public release; distribution is unlimited. This research is sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force
Research Laboratory (AFRL), under contract FA8750-10-C-0237. The views, opinions, and/or findings contained in this article/presentation are those of the
author(s)/presenter(s) and should not be interpreted as representing the official views or policies of the Department of Defense or the U.S. Government.
CHERI
Capability Hardware Enhanced RISC Instructions
Architecture and Software Model
Robert N. M.Watson, Simon W. Moore, Peter Sewell, Peter G. Neumann
Hesham Almatary, Jonathan Anderson, John Baldwin, Hadrien Barrel, Ruslan Bukin, David Chisnall, James Clarke, Nirav Dave,
Brooks Davis, Lawrence Esswood, Nathaniel W. Filardo, Khilan Gudka,Alexandre Joannou, Robert Kovacsics, Ben Laurie,
A.Theo Markettos, J. Edward Maste,Alfredo Mazzinghi,Alan Mujumdar, Prashanth Mundkur, Steven J. Murdoch, Edward Napierala,
Robert Norton-Wright, Philip Paeps, Lucian Paul-Trifu, Alex Richardson, Michael Roe, Colin Rothwell, Peter Rugg, Hassen Saidi,
Peter Sewell, Stacey Son, Domagoj Stolfa,Andrew Turner, MunrajVadera, Jonathan Woodruff, Hongyan Xia, and Bjoern A. Zeeb
University of Cambridge and SRI International
ISCF Digital Security by Design: Technology Enabled Business-Led Demonstrator Stage 1 Workshop
17 March 2020
2. Approved for public release; distribution is unlimited.
This work was supported by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research
Laboratory (AFRL), under contract FA8750-10-C-0237 (“CTSRD”), with additional support from FA8750-11-C-0249
(“MRC2”), HR0011-18-C-0016 (“ECATS”), and FA8650-18-C-7809 (“CIFV”) as part of the DARPA CRASH, MRC, and
SSITH research programs.
The views, opinions, and/or findings contained in this report are those of the authors and should not be interpreted as
representing the official views or policies of the Department of Defense or the U.S. Government.
We also acknowledge the EPSRC REMS Programme Grant (EP/K008528/1), the ERC ELVER Advanced Grant (789108), the
Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF),Thales E-Security, Microsoft Research Cambridge,
Arm Limited, Google, Google DeepMind, HP Enterprise, and the Gates Cambridge Trust.
2
Thanking our primary sponsor: DARPA
Funded 9+ years of research into CHERI
and 140+ researcher years of effort so far
4. Introduction
• Background to the CHERI architectural model that underpins the
Arm Morello board
• How software works on CHERI
4
To learn more about the CHERI architecture and prototypes:
http://www.cheri-cpu.org/
Watson, et al. An Introduction to CHERI,Technical Report
UCAM-CL-TR-941, Computer Laboratory, September 2019. (~40 pages)
Watson, et al. Capability Hardware Enhanced RISC Instructions:
CHERI Instruction-Set Architecture (Version 7),Technical Report
UCAM-CL-TR-927, Computer Laboratory, June 2019. (~500 pages)
5. Motivation – Memory Safety
“Buffer overflows have not objectively gone down in the last 40 years.
The impact of buffer overflows have if anything gone up.”
Ian Levy, NCSC
• Matt Miller (MS Response Center) @ BlueHat 2019:
• From 2006 to 2018, year after year, 70% MSFT CVEs are memory safety bugs.
• First place: spatial safety
• Addressed directly by CHERI
• Second place: use after free
• Our recent work exploiting CHERI capability validity tags to precisely find
pointers
7. CHERI ISA Refinement over 9 years
7
Year Version Description
2010-
2012
ISAv1
RISC capability-system model w/64-bit MIPS
Capability registers, tagged memory
Guarded manipulation of registers
2012 ISAv2
Extended tagging to capability registers
Capability-aware exception handling
Boots an MMU-based OS with CHERI support
2014 ISAv3
Fat pointers + capabilities, compiler support
Instructions to optimize hybrid code
Sealed capabilities, CCall/CReturn
2015 ISAv4
MMU-CHERI integration (TLB permissions)
ISA support for compressed 128-bit capabilities
HW-accelerated domain switching
Multicore instructions: full suite of LL/SC variants
2016 ISAv5
CHERI-128 compressed capability model
Improved generated code efficiency
Initial in-kernel privilege limitations
2017 ISAv6
Mature kernel privilege limitations
Further generated code efficiency
Architectural portability: CHERI-x86 and CHERI-RISC-V sketches
Exception-free domain transition
2019 ISAv7
64-bit capabilities for 32-bit architectures
Elaborated draft CHERI-RISC-V ISA
Architectural performance optimization for C++ applications
Temporal memory safety
Microarchitectural side-channel resistance features
RISC+MMU
+capabilities
C+
capabilities
Compartment
-alization
128-bit,codeefficiency
In-kerneluse;
non-MIPSISAs
Temporal
memory
safety
8. Principles CHERI helps to uphold
• The principle of intentional use
• Ensure that software runs the way the programmer intended,
not the way the attacker tricked it
• For example, guaranteed pointer integrity & provenance, with
efficient dynamic bounds checking
• The principle of least privilege
• Reduce the attack surface using software compartmentalization
• Mitigates known and unknown vulnerability and exploit classes
• Approach: highly scalable and efficient compartmentalization
8
10. CHERI adds a new type – the Capability
• CHERI Capability = bounds checked pointer with integrity
• Held in memory and in (new or extended) registers
10
address
permissions compressed bounds (top, bottom) s
64-bits
v
hidden validity/integrity tag
128-bits
11. A new type – the Capability
11
address
permissions compressed bounds (top, bottom) sv
virtual memory
12. critical property for security
monotonic decrease in rights guaranteed
by formally verified hardware
New Instructions
12
• Memory access
• Loads and stores via a bounds checked capability
• Exception if address is out of range
• Guarded manipulation of capabilities
• Decrease bounds
• Decrease permissions
• Adjust the address
• Extract/test fields
• Constrained non-monotonic domain transition instructions for
compartmentalisation
13. CHERI is a portable protection model
• Early research on CHERI extended the MIPS architecture
• But, like virtual memory, the CHERI protection model can be
portable while its integration into an ISA can be specific to that ISA
• Current research on an open-source CHERI-RISC-V
• CHERI-ARM prototype under this programme: Morello
• Draft CHERI-extended x86 sketch
• Formal specifications and verification of key security properties
• Read about these in our CHERI ISAv7 technical report, and Arm’s
forthcoming Morello specification
13
15. CHERI-based pure-capability process memory
15
• Capabilities are substituted for integer addresses throughout the address space
• Bounds and permissions are minimized by software including the kernel, run-time
linker, memory allocator, and compiler-generated code
• Hardware permits fetch, load, and store only through granted capabilities
• Tags ensure integrity and provenance validity of all pointers
Memory
StackCode
Heap
Implied
pointer
Explicit
pointer
…
Thread
register
file
PLTs
Globals
captable
DDC
PCC
GPRs
NULL
NULL
NULL
16. Memory protection for the language and the language runtime
• Capabilities are refined by the kernel, run-time linker,
compiler-generated code, heap allocator, …
• Protection mechanisms:
• Spatial memory safety + privilege minimization
• Temporal memory safety
• Referential memory safety
• Applied at two levels:
• Language-level pointers point explicitly at stack
and heap allocations, global variables, …
• Sub-language pointers used to implement
control flow, linkage, etc.
• Sub-language protection mitigates bugs in the language
runtime and generated code, as well as attacks that
cannot be mitigated by higher-level memory safety
16
Language-level memory safety
Pointers to heap
allocations
Pointers to stack
allocations
Pointers to
global variables
Pointers toTLS
variables
Function
pointers Pointers to
memory mappings
Pointers to sub-
objects
Sub-language memory safety
GOT
pointersReturn
addresses
PLT entry
pointers
ELF aux arg
pointers
Stack
pointers
C++ v-table
pointers
Vararg array
pointers
17. CheriBSD:A pure-capability operating system
• Complete memory- and pointer-safe FreeBSD C/C++ kernel + userspace
• OS kernel: Core OS kernel, filesystems, networking, device drivers, …
• System libraries: crt/csu, libc, zlib, libxml, libssl, …
• System tools and daemons: echo, sh, ls, openssl, ssh, sshd, …
• Applications: PostgreSQL, nginx,WebKit (C++)
• Valid provenance, minimized privilege for pointers, impliedVAs
• Userspace capabilities originate in kernel-provided roots
• Compiler, allocators, run-time linker, etc., refine bounds and perms
• Trading off privilege minimization, monotonicity, API conformance
• Typically in memory management – realloc(), mmap() + mprotect()
17
18. CheriABI: Pure-capability CheriBSD userspace
• Received best paper award at ASPLOS, April 2019
• Complete pure-capability UNIX OS userspace with spatial memory safety
• Usable for daily development tasks
• Almost all FreeBSD tests pass
• Management interfaces (e.g. ioctl), debugging, etc., work
• Large, real-world applications have been ported: PostgreSQL and WebKit
CheriABI: Enforcing Valid Pointer Provenance and
Minimizing Pointer Privilege in the POSIX C
Run-time Environment
Brooks Davis∗
brooks.davis@sri.com
Robert N. M. Watson†
robert.watson@cl.cam.ac.uk
Alexander Richardson†
alexander.richardson@cl.cam.ac.uk
Peter G. Neumann∗
peter.neumann@sri.com
Simon W. Moore†
simon.moore@cl.cam.ac.uk
John Baldwin‡
john@araratriver.co
David Chisnall§
David.Chisnall@microso.com
James Clarke†
james.clarke@cl.cam.ac.uk
Nathaniel Wesley Filardo†
nwf20@cam.ac.uk
Khilan Gudka†
khilan.gudka@cl.cam.ac.uk
Alexandre Joannou†
alexandre.joannou@cl.cam.ac.uk
Ben Laurie
benl@google.com
A. Theodore Markettos†
theo.markeos@cl.cam.ac.uk
J. Edward Maste†
emaste@freebsd.org
Alfredo Mazzinghi†
am2419@cam.ac.uk
Edward Tomasz Napierala†
trasz@freebsd.org
Robert M. Norton†
robert.norton@cl.cam.ac.uk
Michael Roe†
michael.roe@cl.cam.ac.uk
Peter Sewell†
peter.sewell@cl.cam.ac.uk
Stacey Son†
sson@me.com
Jonathan Woodru†
jonwoodru@gmail.com
∗SRI International, Menlo Park, CA, United States †University of Cambridge, Cambridge, UK
‡Ararat River Consulting, Walnut Creek, CA, United States §Microsoft Research, Cambridge, UK
19. Example of past vulnerabilities: Google iOS zero days
• Google Project Zero released and analysed a set of
“discovered” zero-day exploit chains against Apple iOS
• Current CHERI mitigations address all of the exploit
chains at the first stage, even w/o temporal safety, but:
• Every chain relies on heap aliasing (temporal
vulnerability) as an intermediate step for kernel
control
• Chain 5 suggests that CHERI-aware exploits taking
advantage of temporal safety vulnerabilities might
be possible
• Further set of WebKit JavaScript Core (JSC) exploits
still under analysis – but confusion between JavaScript
heap data and pointers .. promising?
19
Initial
vulnerability
Exploit
technique
C1 spatial -
C2 temporal
data pointer
injection
C3 Sandbox spatial -
C3 Kernel temporal
data pointer
injection
C4 Sandbox temporal
code pointer
injection
C4 Kernel spatial -
C5 temporal
data pointer
injection
21. Software compartmentalization decomposes software into
isolated compartments that are delegated limited rights
Application-level least privilege
Able to mitigate not only unknown vulnerabilities, but also
as-yet undiscovered classes of vulnerabilities and exploits
Potential compartmentalization
boundaries matching reasonable
user expectations for least privilege
can be found in many user-facing apps.
E.g., a malicious email attachment
should not be able to gain access to
other attachments, messages, folders,
accounts, or the system as a whole.
22. Shared virtual address space
Register
fileProtection
domain
A
Protection
domain
B
Shared
heap
Domain-specific
captables + PLTs
Domain-specific
stacks
Domain-specific
globals
Heap
allocations
Register
file Domain B
heap
Domain A
heap
Cross-
domain
resources
Shared
code
Implied
pointer
Explicit
pointer
CHERI-based compartmentalization
• Isolated compartments can be created using closed graphs of capabilities,
combined with a constrained non-monotonic domain-transition mechanism
22
Protection
domain A
Protection
Domain B
Flexible set of
shared resources
23. Proposed models: Isolated libraries and UNIX co-processes
We have demonstrated CHERI compartmentalization in early work [Watson’15],
but are still developing clear and usable operational models, such as:
Isolated dynamically linked libraries
• New API loads libraries into in-process sandboxes.
• Calling functions in isolated libraries performs a domain transition, with
overheads comparable to function calls.
• Simple model eschews asynchrony, independent debugging, etc.
UNIX co-processes
• Multiple processes share a single virtual address space, separated using
independent CHERI capability graphs.
• CHERI capabilities enable efficient sharing, domain transition.
• Rich model associates UNIX process with each compartment.
We aim to ship prototypes during DSbD via CheriBSD/Morello software updates.
23
24. Premature results: IPC ping-pong microbenchmark
24
1
10
100
1000
10000
100000
1000000
10000000
1 10 100 1000 10000 100000 1000000
CyclesonFPGA
Payload in bytes
Co-process vs. pipe(2) ping-ping
Memory-copy semantics with multi-byte payload
Co-process pipe(2)
Lowerisbetter
99% 99%
68%
42%
21%
89%
98%
% reduction in cycles for round-trip sending
a message of X bytes to a second process,
which then replies with the same bytes back
The fine print: Cycles include IPC setup, amortized over 10,000 iterations of
the IPC loop. Both processes use the pure-capability ABI using 256-bit
capabilities. 272-entry TLB, 32K L1 I-Cache, 32K L1 D-Cache, 256K L2 Cache.
25. Opportunities and challenges
• CHERI dramatically improves compartmentalization scalability
• More compartments
• More frequent domain transitions
• Faster shared memory between compartments
• Many potential use cases – e.g., sandbox processing of each image
in a web browser, processing each message in a mail application
• Unlike memory protection, software compartmentalization also
requires careful software refactoring to support strong
encapsulation, and affects software operational model
25
27. Extending the CHERI software stack
• Building on our DARPA-funded reference CHERI software stack
• 3-to-4-year RD requires stable + enabling platform for:
• Morello consortium: Arm, Linaro, Cambridge, Edinburgh
• Other consortium industry partners (e.g., Google, Microsoft, …)
• EPSRC-funded academic RD community
• Innovate-funded industrial RD community
• Potential other participants (e.g., DARPA-supported)
• Target use cases include Morello evaluation, Morello demonstrator
prototyping, further CHERI hardware and software RD
27
28. Worked demonstration of CHERI SW objectives
Efficient fine-grained C/C++-language memory protection
Through recompilation and minor source-code changes, eliminate
buffer overflows, pointer corruption and injection, some forms of
pointer type confusion – both of explicit C/C++ types/structures
and also in the language runtime itself – with low overhead.
Scalable software compartmentalization
Improve the performance, scalability, and programmability of fine-
grained software isolation and communication to enable new
software design patterns resisting a variety of adversary models.
28
29. Software prototype stack on Morello
• Complete hybrid software stack from bare metal up: compilers,
toolchain, debuggers, operating systems, applications
• Focused on incremental, rather than clean-slate, CHERI deployment
29
CHERI-extended Google Hafnium hypervisor
CHERI Clang/LLVM compiler suite, LLD, LLDB, GDB
CheriBSD/Morello (DARPA)
• FreeBSD kernel + userspace, application stack
• Kernel spatial and referential memory protection
• Userspace spatial, referential, and temporal memory protection
• Intra-process compartmentalization + co-processes
• Aarch64 binary compatibility to allow running non-Morello code
Open-source application suite
(WebKit,Wayland, Python, OpenSSH, nginx, PostgresQL …)
Android (Arm)
31. Conclusions
• CHERI enables new software models through hardware support for:
• Fine-grained memory protection
• Scalable software compartmentalization
• Developed over ten years of DARPA-supported hardware-software co-design
• Arm’s Morello SoC will demonstrate these concepts at industrial scale via a
contemporary high-performance implementation
• The open-source DARPA CHERI software stack will provide a rich baseline
software reference design for prototyping, further RD activities
• Prototypes available from late 2020 when ISA models ship
• Thanks to sponsors: DARPA,ARM, Google, EPSRC, HEIF, Isaac NewtonTrust, NCSC,
Thales E-Security, HP Labs
31
Project web pages:
http://cheri-cpu.org/
32. Invitation to collaborate
• It is an exciting moment for CHERI
• Finally able to talk about a significant industrial collaboration
• Experimental adaptations to mainstream architecture(s)
• Rich and maturing software baselines for experimentation
• Strong formal foundations available to be built on
• Multiple opportunities to grow the CHERI research community
www.cheri-cpu.org
• Watson, et al. An Introduction to CHERI,Technical Report UCAM-CL-TR-941,
Computer Laboratory, September 2019.
• Watson, Moore, Sewell, and Neumann. Capability Hardware Enhanced RISC
Instructions: CHERI Instruction-Set Architecture (Version 7),Technical
Report UCAM-CL-TR-927, Computer Laboratory, June 2019.
32