CheriRTOS: A Capability Model for Embedded Devices


Type
Conference Object
Authors
Woodruff, J 
Barral, H 
Esswood, L 
Joannou, A 
Abstract

Embedded systems are deployed ubiquitously among various sectors including automotive, medical, robotics and avionics. As these devices become increasingly connected, the attack surface also increases tremendously; new mechanisms must be deployed to defend against more sophisticated attacks while not violating resource constraints. In this paper we present CheriRTOS on CHERI-64, a hardware-software platform atop Capability Hardware Enhanced RISC Instructions (CHERI) for embedded systems.

Our system provides efficient and scalable task isolation, fast and secure inter-task communication, fine-grained memory safety, and real-time guarantees, using hardware capabilities as the sole protection mechanism. We summarize state-of-the-art security and memory safety for embedded systems for comparison with our platform, illustrating the superior substrate provided by CHERI’s capabilities. Finally, our evaluations show that a capability system can be implemented within the constraints of embedded systems.

Keywords
46 Information and Computing Sciences, 4604 Cybersecurity and Privacy
Journal Title
Proceedings - 2018 IEEE 36th International Conference on Computer Design, ICCD 2018
Conference Name
2018 IEEE 36th International Conference on Computer Design (ICCD)
Journal ISSN
1063-6404
Publisher
IEEE
Sponsorship
EPSRC (1650060)
Engineering and Physical Sciences Research Council (EP/K008528/1)
Engineering and Physical Sciences Research Council (1778326)