CheriRTOS: A Capability Model for Embedded Devices
View / Open Files
Publication Date
2018Journal Title
Proceedings - 2018 IEEE 36th International Conference on Computer Design, ICCD 2018
Conference Name
2018 IEEE 36th International Conference on Computer Design (ICCD)
ISSN
1063-6404
ISBN
9781538684771
Publisher
IEEE
Pages
92-99
Type
Conference Object
This Version
AM
Metadata
Show full item recordAbstract
Embedded systems are deployed ubiquitously
among various sectors including automotive, medical, robotics
and avionics. As these devices become increasingly connected,
the attack surface also increases tremendously; new mechanisms
must be deployed to defend against more sophisticated attacks
while not violating resource constraints. In this paper we present
CheriRTOS on CHERI-64, a hardware-software platform atop
Capability Hardware Enhanced RISC Instructions (CHERI) for
embedded systems.
Our system provides efficient and scalable task isolation,
fast and secure inter-task communication, fine-grained memory
safety, and real-time guarantees, using hardware capabilities as
the sole protection mechanism. We summarize state-of-the-art se-
curity and memory safety for embedded systems for comparison
with our platform, illustrating the superior substrate provided
by CHERI’s capabilities. Finally, our evaluations show that a
capability system can be implemented within the constraints of
embedded systems.
Sponsorship
EPSRC (1650060)
Engineering and Physical Sciences Research Council (EP/K008528/1)
Engineering and Physical Sciences Research Council (1778326)
Identifiers
External DOI: https://doi.org/10.1109/ICCD.2018.00023
This record's URL: https://www.repository.cam.ac.uk/handle/1810/287872
Rights
Licence:
http://www.rioxx.net/licenses/all-rights-reserved
Statistics
Total file downloads (since January 2020). For more information on metrics see the
IRUS guide.