
On Thu, 28 Jul 2022 21:15:09 +1200, I wrote:
“CHERI” is a project at Cambridge University based on a very old concept for implementing memory/process protection on computer hardware: that of “capabilities”. Instead of having specially-trusted kernel code run in a privileged mode that is allowed to do pretty much anything, capabilities allow for a more decentralized model, with distribution and separation of different areas of trust.
An update on this <https://www.theregister.com/2022/08/26/arm_cheri_morello/>, with some details of the techniques being used in ARM’s experimental Morello architecture to implement CHERI. This being an ongoing project, some implementation details are still in flux.

Some promising results so far:

“As for the impact on software, Grisenthwaite said that the X11 KDE-based desktop environment in CheriBSD was ported to Morello in three months by a single engineer having to make changes to less than 0.03 percent of the 6 million lines of code, and that these changes delivered an assessed vulnerability and mitigation rate of some 73.8 percent.”

That amounts to changes to less than 1800 lines of code in KDE. Took three months, eh? That’s around 20 lines of code a day, which is double what Frederick “Mythical Man-Month” Brooks estimated was typical programmer productivity for large-systems development.

Microsoft seems to agree about the benefits:

“Arm's confidence in Morello is backed up by a detailed study conducted by Microsoft Security Research Center (MSRC). This looked into all of the 2019 memory safety vulnerabilities that affected Microsoft products and required an update to fix, and Microsoft concluded that CHERI, when combined with other measures, would have mitigated at least two-thirds of those issues.”

Also note this:

“However, CHERI technologies are not patented and Arm is encouraging others in the computing industry to evaluate it, so Morello is serving as showcase of the technology for other architectures, Grisenthwaite said.”

No doubt “other” architectures will likely include RISC-V at some point...
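To make the capability idea from the post concrete, here is an added software model (not CHERI or Morello code, and not the real 129-bit capability encoding) of what the hardware enforces: a pointer carries the bounds and permissions it was derived with, derived capabilities can only shrink those, and every load or store is checked, which is what turns a classic buffer overflow into a refused access instead of a memory-safety bug. All type and function names are this example's own.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified teaching model of a CHERI-style capability: a pointer that
 * carries bounds and permissions, plus a validity tag that any invalid
 * operation clears. Real CHERI keeps this in a tagged 128-bit register. */
enum { PERM_LOAD = 1u, PERM_STORE = 2u };

typedef struct {
    uint8_t *base;   /* lowest address the capability may access */
    size_t length;   /* bytes in bounds, counted from base */
    size_t offset;   /* cursor relative to base; may point out of bounds */
    unsigned perms;  /* PERM_LOAD | PERM_STORE */
    bool tag;        /* false once the capability has been invalidated */
} cap_t;

/* Derive a capability covering a whole buffer (what a CHERI-aware allocator hands out). */
cap_t cap_from_buffer(void *buf, size_t len, unsigned perms) {
    cap_t c = { (uint8_t *)buf, len, 0, perms, true };
    return c;
}

/* Monotonicity: a derived capability may only narrow bounds and drop permissions.
 * Trying to widen either yields an untagged, unusable capability. */
cap_t cap_restrict(cap_t c, size_t start, size_t len, unsigned perms) {
    if (!c.tag || start > c.length || len > c.length - start || (perms & ~c.perms)) {
        c.tag = false;
        return c;
    }
    c.base += start; c.length = len; c.offset = 0; c.perms = perms;
    return c;
}

/* Pointer arithmetic never traps by itself; the check happens on dereference. */
cap_t cap_add(cap_t c, size_t delta) { c.offset += delta; return c; }

/* An access faults (returns false) if the capability is untagged, lacks the
 * needed permission, or the n bytes would leave [base, base + length). */
static bool cap_check(cap_t c, size_t n, unsigned need) {
    return c.tag && (c.perms & need) == need && c.offset <= c.length && n <= c.length - c.offset;
}
bool cap_store(cap_t c, const void *src, size_t n) {
    if (!cap_check(c, n, PERM_STORE)) return false;
    memcpy(c.base + c.offset, src, n);
    return true;
}
bool cap_load(cap_t c, void *dst, size_t n) {
    if (!cap_check(c, n, PERM_LOAD)) return false;
    memcpy(dst, c.base + c.offset, n);
    return true;
}
```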