2 research outputs found
Recommended from our members
Case Study: Securing MMU-less Linux Using CHERI
MMU-less Linux variant lacks security because it does not have protection or isolation mechanisms.
It also does not use MPUs as they do not fit with its software model because of the design drawbacks
of MPUs (i. e. coarse-grained protection with fixed number of protected regions). We secure the
existing MMU-less Linux version of the RISC-V port using CHERI. CHERI is a hardware-software
capability-based system that extends the ISA, toolchain, programming languages, operating systems,
and applications in order to provide complete pointer and memory safety. We believe that CHERI
could provide significant security guarantees for high-end dynamic MMU-less embedded systems at
lower costs, compared to MMUs and MPUs, by: 1) building the entire software stack in pure-capability
CHERI C mode which provides complete spatial memory safety at the kernel and user-level, 2)
isolating user programs as separate ELFs, each with its own CHERI-based capability table; this
provides spatial memory safety similar to what the MMU offers (i. e. user programs cannot access
each other’s memory), 3) isolating user programs from the kernel as the kernel has its own capability
table from the users and vice versa, and 4) compartmentalising kernel modules using CompartOS’
linkage-based compartmentalisation. This offers a new security front that is not possible using
the current MMU-based Linux, where vulnerable/malicious kernel modules (e. g. device drivers)
executing in the kernel space would not compromise or take down the entire system. These are the four
main contributions of this paper, presenting novel CHERI-based mechanisms to secure MMU-less
embedded Linux.Defense Advanced Research Projects Agency (DARPA)
under contract HR001123C0031 (“MTSS”
Recommended from our members
Research data supporting 'Cornucopia: Temporal Safety for CHERI Heaps'
Source code for CheriBSD, snmalloc, dlmalloc, and the allocator shim ("mrs") used for the Cornucopia experiments. See README.txt file for details of each file and associated licences