Secure Linking in the CheriBSD Operating System
Pointers are a foundational abstraction in C-language program structure and also a critical battleground for vulnerability exploit and mitigation techniques. Whereas conventional compilers and architectures implement pointers as integer virtual addresses, the CHERI architecture allows pointers to be implemented as capabilities in a way that is compatible with the semantics of the C language. In addition to the spatial protections offered by conventional fat pointers, CHERI capabilities offer strong integrity, enforced provenance validity, and access monotonicity. This talk will focus on the challenges and opportunities that CHERI brings to dynamic linking for C (and C++) programs running on a POSIX operating system (CheriBSD). I will also present possible design trade-offs and opportunities for strong memory protection and compartmentalization. Unlike commonly-used process-based compartmentalization my implementation does not require any changes to the library source code (beyond those required in order to compile as a pure-capability program). Moreover, the extent of privilege reduction can be adjusted both at run time and during compilation.
| Presentation (cheri-linkage-slides.pdf) | 8.59MiB |
Sun 13 Jan Times are displayed in time zone: Greenwich Mean Time : Belfast change
11:00 - 12:30: Session 2PriSC at Sala VI Chair(s): Dominique DevrieseVrije Universiteit Brussel, Belgium | |||
| 11:00 - 11:30 Talk | PriSC Craig DisselkoenUniversity of California San Diego, Tal GarfinkelStanford University, Deian StefanUniversity of California San Diego, Conrad WattUniversity of Cambridge File Attached | ||
| 11:30 - 12:00 Talk | PriSC Khilan GudkaUniversity of Cambridge, Alexander RichardsonUniversity of Cambridge, Robert N. M. WatsonUniversity of Cambridge File Attached | ||
| 12:00 - 12:30 Talk | PriSC File Attached | ||