dc.contributor.author: Watson, Robert Nicholas
dc.contributor.author: Norton, Robert
dc.contributor.author: Woodruff, Jonathan
dc.contributor.author: Joannou, Alexandre
dc.contributor.author: Moore, Simon William
dc.contributor.author: Neumann, Peter G
dc.contributor.author: Anderson, Jonathan
dc.contributor.author: Chisnall, David
dc.contributor.author: Dave, Nirav
dc.contributor.author: Davis, Brooks
dc.contributor.author: Gudka, Khilan
dc.contributor.author: Laurie, Ben
dc.contributor.author: Markettos, Athanasios Theodore
dc.contributor.author: Maste, Ed
dc.contributor.author: Murdoch, Steven James
dc.contributor.author: Roe, Michael
dc.contributor.author: Rothwell, Colin
dc.contributor.author: Son, Stacey
dc.contributor.author: Vadera, Munraj
dc.date.accessioned: 2016-08-11T13:56:21Z
dc.date.available: 2016-08-11T13:56:21Z
dc.date.issued: 2016-10-27
dc.identifier.uri: https://www.repository.cam.ac.uk/handle/1810/257042
dc.description.abstract: Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management unit (MMU) with instruction-set architecture (ISA) extensions that implement a capability-system model in the address space. CHERI can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This article describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. The authors propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing, while retaining the flexibility of a software-defined protection-domain transition model. They validate this approach through a full-system experimental design, including ISA extensions, a field-programmable gate array prototype (implemented in Bluespec SystemVerilog), and a software stack including an OS (based on FreeBSD), a compiler (based on LLVM), a software compartmentalization model, and open-source applications.
dc.description.sponsorship: This work is part of the CTSRD and MRC2 projects sponsored by the Defense Advanced Research Projects Agency (DARPA) and the Air Force Research Laboratory (AFRL), under contracts FA8750-10-C-0237 and FA8750-11-C-0249. We also acknowledge the Engineering and Physical Sciences Research Council (EPSRC) REMS Programme Grant [EP/K008528/1], the EPSRC Impact Acceleration Account [EP/K503757/1], EPSRC/ARM iCASE studentship [13220009], Microsoft studentship [MRS2011-031], the Isaac Newton Trust, the UK Higher Education Innovation Fund (HEIF), Thales E-Security, and Google, Inc.
dc.language: English
dc.language.iso: en
dc.publisher: IEEE
dc.title: Fast Protection-Domain Crossing in the CHERI Capability-System Architecture
dc.type: Article
dc.description.version: This is the author accepted manuscript. The final version of the article can be found at: http://ieeexplore.ieee.org/document/7723791/
prism.endingPage: 49
prism.publicationDate: 2016
prism.publicationName: IEEE Micro
prism.startingPage: 38
prism.volume: 36
dc.identifier.doi: 10.17863/CAM.971
datacite.cites.url: https://www.cl.cam.ac.uk/research/security/ctsrd/data/
dcterms.dateAccepted: 2016-07-02
rioxxterms.versionofrecord: 10.1109/MM.2016.84
rioxxterms.version: AM
rioxxterms.licenseref.uri: http://www.rioxx.net/licenses/all-rights-reserved
rioxxterms.licenseref.startdate: 2016-10-27
dc.contributor.orcid: Moore, Simon William [0000-0002-2806-495X]
rioxxterms.type: Journal Article/Review
pubs.funder-project-id: Engineering and Physical Sciences Research Council (EP/K008528/1)