1. Summary
➀ CHERI is to mitigate memory-related vulnerabilities in C-language TCBs.
➁ It supplements the conventional Memory Management Unit.
➂ It supports a virtual-memory-based process with capability coprocessor to implement fine-grained, compiler-directed memory protection.
➃ CHERI allows binary-compatible improvements in security and robustness, without modifying contaning applications.
➄ It is open-sourced hardware and software design to support greater experimental reproducibility.
2. Related work Summary
➀ CHERI is strongly influenced by M-Machine which provided tagged memory in support of fine-grained memory capabilities.
➁ But, Unlike M-Machine, CHERI maintains source-code and binary compatibility with current software stacks through retention.
3.The good
➀ It has co-evolved with both access-control and capability-system techniques.
➁ It makes Hybrid capability/MMU OSes, from MMU-based OSes and Pure capability OSes.
➂ It do not need a application modification.
4. The Bad
It has some overheads rather than normal PC.
5. Your Comment
I think Its 1bit Tagged system allows safe concurrent access from multi cores.
But, If problem is arose in CHERI’s 1bit tag, Will Its concurrent access from multi cores make some problems?
'정보보안 > 커널 보안' 카테고리의 다른 글
| Iago Attack Summary (0) | 2015.10.15 |
|---|---|
| TrustVisor Summary (0) | 2015.10.15 |
| ATRA Summary (0) | 2015.10.15 |
| KI-Mon Summary (0) | 2015.10.15 |
| Vigilare Summary (0) | 2015.10.15 |