Issue No. 05 - Sept.-Oct. (2016 vol. 36)
ISSN: 0272-1732
pp: 38-49
Robert N.M. Watson , University of Cambridge
Robert M. Norton , University of Cambridge
Jonathan Woodruff , University of Cambridge
Simon W. Moore , University of Cambridge
Peter G. Neumann , SRI International
Jonathan Anderson , Memorial University
David Chisnall , University of Cambridge
Brooks Davis , SRI International
Ben Laurie , Google
Michael Roe , University of Cambridge
Nirav H. Dave , Google
Khilan Gudka , University of Cambridge
Alexandre Joannou , University of Cambridge
A. Theodore Markettos , University of Cambridge
Ed Maste , University of Cambridge
Steven J. Murdoch , University College London
Colin Rothwell , University of Cambridge
Stacey D. Son , University of Cambridge
Munraj Vadera , University of Cambridge
ABSTRACT
Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management unit (MMU) with instruction-set architecture (ISA) extensions that implement a capability-system model within the address space. CHERI can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This article describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of a low cycle count but also of efficient memory sharing between mutually distrusting domains. The authors propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing, while retaining the flexibility of a software-defined protection-domain transition model. They validate this approach through a full-system experimental design, including ISA extensions, a field-programmable gate array prototype (implemented in Bluespec SystemVerilog), and a software stack including an OS (based on FreeBSD), a compiler (based on LLVM), a software compartmentalization model, and open-source applications.
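The abstract names three of the mechanisms the article adds: sealed capabilities, a hardware-assisted check on the protection-domain switch, and register clearing. The following C program is an added example written for this page, not code from the article or from the CHERI project, and not the CHERI ISA itself: it is a simplified software model of how those mechanisms fit together. A sealed capability cannot be dereferenced and acquires an object type from the sealing capability; a domain switch is admitted only for a code/data pair sealed with the same object type, after which both are unsealed and every register the caller did not explicitly pass is cleared. The field widths, permission bits, return codes and the eight-entry register file are assumptions made for the model.

```c
/* Added example, not code from the paper or the CHERI project: a simplified
 * software model of CHERI-style sealed capabilities and of the object-type
 * check a protection-domain switch makes before unsealing the callee's code
 * and data capabilities. Widths, permission bits, return codes and the
 * hypothetical 8-register file are assumptions made for this model. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

enum { PERM_LOAD = 1u, PERM_STORE = 2u, PERM_EXECUTE = 4u, PERM_SEAL = 8u };
typedef struct {
    bool     tag, sealed;  /* valid? sealed (no dereference, no modification)? */
    uint32_t otype, perms; /* object type is meaningful only while sealed */
    uint64_t base, length, cursor;
} cap_t;
cap_t make_cap(uint64_t base, uint64_t length, uint32_t perms) {
    cap_t c = { true, false, 0, perms, base, length, base };
    return c;
}
static bool in_bounds(const cap_t *c, uint64_t addr, uint64_t len) {
    return c->tag && addr >= c->base && addr + len <= c->base + c->length;
}

/* Seal: the object type is the sealer's cursor, which must be in bounds. */
bool cap_seal(cap_t *data, const cap_t *sealer) {
    if (!data->tag || data->sealed || !(sealer->perms & PERM_SEAL) ||
        !in_bounds(sealer, sealer->cursor, 1))
        return false;
    data->sealed = true;
    data->otype = (uint32_t)sealer->cursor;
    return true;
}

/* Unseal: only a capability authorising the same object type may do it. */
bool cap_unseal(cap_t *c, const cap_t *unsealer) {
    if (!c->tag || !c->sealed || !(unsealer->perms & PERM_SEAL) ||
        !in_bounds(unsealer, unsealer->cursor, 1) ||
        c->otype != (uint32_t)unsealer->cursor)
        return false;
    c->sealed = false;
    c->otype = 0;
    return true;
}

/* A load through a sealed capability is refused before any bounds check. */
bool cap_can_load(const cap_t *c, uint64_t addr, uint64_t len) {
    return !c->sealed && (c->perms & PERM_LOAD) && in_bounds(c, addr, len);
}
#define NREGS 8
typedef struct { cap_t r[NREGS]; } regfile_t;

/* Domain switch: code and data must be a sealed pair of one object type and
 * the code capability executable; on success both are unsealed and every
 * register not in keep_mask is cleared so no caller capability leaks. */
int domain_switch(regfile_t *rf, int code_idx, int data_idx, unsigned keep_mask) {
    cap_t *code = &rf->r[code_idx], *data = &rf->r[data_idx];
    if (!code->tag || !data->tag || !code->sealed || !data->sealed)
        return -1;                                  /* not a sealed, tagged pair */
    if (code->otype != data->otype)    return -2;   /* object-type mismatch */
    if (!(code->perms & PERM_EXECUTE)) return -3;   /* not a code capability */
    code->sealed = data->sealed = false;
    for (int i = 0; i < NREGS; i++)
        if (!(keep_mask & (1u << i)) && i != code_idx && i != data_idx)
            memset(&rf->r[i], 0, sizeof rf->r[i]);  /* clears the tag too */
    return 0;
}

/* Scenario 1: sealing blocks dereference; only the matching type unseals.
 * Returns 0, or the number of the step that behaved unexpectedly. */
int demo_seal_unseal(void) {
    cap_t sealer = make_cap(0x1000, 0x100, PERM_SEAL); sealer.cursor = 0x1042;
    cap_t other = sealer;                              other.cursor = 0x1043;
    cap_t data = make_cap(0x20000, 4096, PERM_LOAD | PERM_STORE);
    if (!cap_can_load(&data, 0x20010, 8)) return 1;
    if (!cap_seal(&data, &sealer))        return 2;
    if (cap_can_load(&data, 0x20010, 8))  return 3;   /* sealed: refused */
    if (cap_unseal(&data, &other))        return 4;   /* wrong type: refused */
    if (!cap_unseal(&data, &sealer))      return 5;
    return 0;
}

/* Scenario 2: a mismatched pair is refused with -2; a matching pair is
 * admitted and unsealed, and the caller-private r5 is cleared. */
int demo_domain_switch(void) {
    regfile_t rf; memset(&rf, 0, sizeof rf);
    cap_t sealer = make_cap(0x1000, 0x100, PERM_SEAL); sealer.cursor = 0x1042;
    cap_t other = sealer;                              other.cursor = 0x1043;
    rf.r[1] = make_cap(0x40000, 0x1000, PERM_EXECUTE | PERM_LOAD);
    rf.r[2] = make_cap(0x50000, 0x1000, PERM_LOAD | PERM_STORE);
    rf.r[5] = make_cap(0x60000, 0x10, PERM_LOAD);      /* must not survive */
    cap_seal(&rf.r[1], &sealer); cap_seal(&rf.r[2], &other);
    if (domain_switch(&rf, 1, 2, 0) != -2) return 1;
    rf.r[2] = make_cap(0x50000, 0x1000, PERM_LOAD | PERM_STORE);
    cap_seal(&rf.r[2], &sealer);
    if (domain_switch(&rf, 1, 2, 0) != 0)  return 2;
    if (rf.r[5].tag || rf.r[1].sealed || rf.r[2].sealed) return 3;
    return 0;
}

int main(void) { return demo_seal_unseal() | demo_domain_switch(); }
```

Both scenario functions return 0 when the model behaves as described, so the program's exit status is 0 on success. The point the model makes explicit is why the two checks belong together: sealing alone stops a caller from reading or forging the callee's data capability, but it is the object-type comparison on the switch that stops a caller from pairing one domain's code capability with another domain's data capability, and the register wipe that stops the caller's remaining capabilities from leaking into the callee. The real CHERI instructions also distinguish sealing from unsealing permissions and carry further constraints that this model omits.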
INDEX TERMS
Memory management, Systems modeling, Reduced instruction set computing, Program processors, Capability engineering
CITATION

R. N. Watson et al., "Fast Protection-Domain Crossing in the CHERI Capability-System Architecture," in IEEE Micro, vol. 36, no. 5, pp. 38-49, 2016.
doi:10.1109/MM.2016.84