
Fundamentally more secure computer systems: the CHERI approach

Prof Simon Moore
Department of Computer Science and Technology

In collaboration with SRI International (California), members of the Computer Architecture and Security groups in the Cambridge Computer Laboratory have spent over eight years exploring fundamentally more secure ways of building computer systems.  Starting with a conventional microprocessor, we have augmented the hardware/software interface with new compartmentalisation primitives that allow security-critical properties of software to be better represented.  This ensures that the hardware better understands the software it is running, so it is better able to run the code as the programmer intended, not as the attacker tricked it.  Compartmentalisation allows software to exploit the principle of least privilege, a fundamental idea in computer security dating back to the 1960s but one that earlier computers support poorly.

Our new microprocessor (CHERI), operating system (CheriBSD, based on FreeBSD) and compiler support (based on Clang/LLVM) can run existing software while allowing security enhancements to be added automatically via recompilation of the software, and through the developer adding compartmentalisation.  We have demonstrated automatic exploit mitigation of security vulnerabilities like Heartbleed (that hit banking) and WannaCry (that hit the NHS), as well as mitigating commonplace buffer overflow/underflow and many return-oriented programming (ROP) and jump-oriented programming (JOP) attacks.
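To make the "hardware understands the bounds" idea concrete, here is an added illustration in plain C (not CHERI's own ISA, hardware or code): a pointer is modelled as a capability carrying its own base and length, every copy is checked against those bounds, and a Heartbleed-shaped request that claims more payload than the record holds is refused instead of leaking adjacent memory. The `cap_t`, `cap_bound`, `cap_memcpy` and `heartbeat_demo` names and the "hello" record are constructed for the example; a real CHERI core raises a hardware exception where this model returns -1.

```c
/* Added illustration: a software model of a CHERI-style bounded pointer.
 * The "hardware" (here, cap_memcpy) checks bounds on every access rather
 * than trusting the length the program (or the attacker) supplies. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const uint8_t *base;   /* lowest address the capability may touch */
    size_t         length; /* bytes from base that are in bounds */
} cap_t;

/* Derive a capability covering exactly `len` bytes starting at `buf`. */
static cap_t cap_bound(const uint8_t *buf, size_t len) {
    cap_t c = { buf, len };
    return c;
}

/* Checked copy of n bytes from src+off into dst.
 * Returns 0 on success, -1 if the access would leave the capability's bounds
 * (overflow past the end, or an offset beyond the end: an underflow of the
 * remaining length). The subtraction form avoids size_t wrap-around. */
static int cap_memcpy(uint8_t *dst, size_t dst_len, cap_t src, size_t off, size_t n) {
    if (n > dst_len) return -1;                               /* destination too small */
    if (off > src.length || n > src.length - off) return -1; /* out of capability bounds */
    memcpy(dst, src.base + off, n);
    return 0;
}

/* Heartbleed-shaped handler on constructed data: the peer claims a payload
 * length; the real record is only 5 bytes. Returns 0 when the echo is served,
 * -1 when the bounded capability refuses the over-read. */
int heartbeat_demo(size_t claimed_len) {
    static uint8_t reply[65536];             /* big enough for any claimed length */
    const uint8_t record[] = "hello";        /* constructed 5-byte payload */
    cap_t payload = cap_bound(record, 5);    /* bounds = exactly the payload */
    return cap_memcpy(reply, sizeof reply, payload, 0, claimed_len);
}

int main(void) {
    printf("honest request (5 bytes): %d\n", heartbeat_demo(5));        /* prints 0 */
    printf("over-read (65535 bytes):  %d\n", heartbeat_demo(65535));    /* prints -1 */
    return 0;
}
```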

This radical approach was made possible through substantial US government funding (tens of millions of dollars) for a large team over eight years.  It has allowed us to straddle many levels of abstraction that commercially belong to different industries, a separation that has resulted in market failure.  In particular, the hardware and software industries are separate, limiting their ability to optimise across the hardware/software divide.

We are currently working with large industrial players and government actors to bring the technology to the masses.  We believe that this new technology can make computer systems far more trustworthy than they are today.
