CheriRTOS: A Capability Model for Embedded Devices

Thumbnail
View / Open Files
Authors
  Xia, Hongyan
Woodruff, Jonathan
Barral, H
Esswood, Lawrence
Joannou, A
Kovacsics, R
Chisnall, D
Publication Date
2019-01-16
Journal Title
Proceedings - 2018 IEEE 36th International Conference on Computer Design, ICCD 2018
ISSN
1063-6404
ISBN
9781538684771
Pages
92-99
Type
Conference Object
This Version
AM
Metadata
Show full item record
Citation
Xia, H., Woodruff, J., Barral, H., Esswood, L., Joannou, A., Kovacsics, R., Chisnall, D., et al. (2019). CheriRTOS: A Capability Model for Embedded Devices. Proceedings - 2018 IEEE 36th International Conference on Computer Design, ICCD 2018, 92-99. https://doi.org/10.1109/ICCD.2018.00023
Abstract
Embedded systems are deployed ubiquitously among various sectors including automotive, medical, robotics and avionics. As these devices become increasingly connected, the attack surface also increases tremendously; new mechanisms must be deployed to defend against more sophisticated attacks while not violating resource constraints. In this paper we present CheriRTOS on CHERI-64, a hardware-software platform atop Capability Hardware Enhanced RISC Instructions (CHERI) for embedded systems. Our system provides efficient and scalable task isolation, fast and secure inter-task communication, fine-grained memory safety, and real-time guarantees, using hardware capabilities as the sole protection mechanism. We summarize state-of-the-art se- curity and memory safety for embedded systems for comparison with our platform, illustrating the superior substrate provided by CHERI’s capabilities. Finally, our evaluations show that a capability system can be implemented within the constraints of embedded systems.
Sponsorship
EPSRC (1650060)
EPSRC (EP/K008528/1)
Identifiers
External DOI: https://doi.org/10.1109/ICCD.2018.00023
This record's URL: https://www.repository.cam.ac.uk/handle/1810/287872

Rights
Licence:
http://www.rioxx.net/licenses/all-rights-reserved