10th USENIX Workshop on Theory and Practice of Provenance
Doi
Abstract
We design and implement a framework for tracking pointer
provenance, using our CHERI fat-pointer capability architec-
ture to facilitate analysis of security implications of program
pointer flows in both user and privileged code, with mini-
mal instrumentation. CHERI enforces pointer provenance
validity at the architectural level, in the presence of complex
pointer arithmetic and type casting. CHERI present new op-
portunities for provenance research: we discuss use cases
and highlight lessons and open questions from our work.DARPA/AFRL FA8750-10-C-0237, Google Chrome University Research Program Awar
