2024
Conference Paper
Title

Cherifying Linux: A Practical View on using CHERI

Abstract
The CHERI ISA extension enables modern RISC CPU architectures such as RISC-V to enforce memory safety in C/C++ programs. Recent academic works [2, 7, 15] use CHERI for point solutions like constructing enclaves, verifying C programs, or hardening bytecode interpreters, but since the original construction of the CHERI-BSD OS-a FreeBSD port leveraging CHERI capabilities, by Cambridge University-little has been reported on what issues and problems arise when porting an existing operating system to benefit from hardware capabilities. This work distills problematic patterns and their solution from what we believe has been the first successful port of a full Linux system to CHERI hardware. In the interest of reproducibility and possible future CHERI or porting style improvements, we also report on the performance impact of our setup.
Author(s)
Wang, Kui
Kasatkin, Dmitry
Ahlrichs, Vincent
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Auer, Lukas  orcid-logo
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Hohentanner, Konrad
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Horsch, Julian  
Fraunhofer-Institut für Angewandte und Integrierte Sicherheit AISEC  
Ekberg, Jan Erik
Mainwork
Conference
Open Access
DOI
Additional full text version
Language
English
Keyword(s)