Proceedings - 2018 IEEE 36th International Conference on Computer Design, ICCD 2018
Doi
Abstract
Embedded systems are deployed ubiquitously
among various sectors including automotive, medical, robotics
and avionics. As these devices become increasingly connected,
the attack surface also increases tremendously; new mechanisms
must be deployed to defend against more sophisticated attacks
while not violating resource constraints. In this paper we present
CheriRTOS on CHERI-64, a hardware-software platform atop
Capability Hardware Enhanced RISC Instructions (CHERI) for
embedded systems.
Our system provides efficient and scalable task isolation,
fast and secure inter-task communication, fine-grained memory
safety, and real-time guarantees, using hardware capabilities as
the sole protection mechanism. We summarize state-of-the-art se-
curity and memory safety for embedded systems for comparison
with our platform, illustrating the superior substrate provided
by CHERI’s capabilities. Finally, our evaluations show that a
capability system can be implemented within the constraints of
embedded systems