Secure Linking in the CheriBSD Operating System
Pointers are a foundational abstraction in C-language program structure and also a critical battleground for vulnerability exploitation and mitigation techniques. Whereas conventional compilers and architectures implement pointers as integer virtual addresses, the CHERI architecture allows pointers to be implemented as capabilities in a way that is compatible with the semantics of the C language. In addition to the spatial protections offered by conventional fat pointers, CHERI capabilities offer strong integrity, enforced provenance validity, and access monotonicity.

This talk will focus on the challenges and opportunities that CHERI brings to dynamic linking for C (and C++) programs running on a POSIX operating system (CheriBSD). I will also present possible design trade-offs and opportunities for strong memory protection and compartmentalization. Unlike commonly used process-based compartmentalization, my implementation does not require any changes to library source code (beyond those required to compile it as a pure-capability program). Moreover, the extent of privilege reduction can be adjusted both at run time and during compilation.
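To make the three properties named above (integrity via a validity tag, provenance validity, and monotonicity of bounds and permissions) concrete, here is an added plain-C model of a capability. It is written for this page and is not CHERI code, nor anything from CheriBSD or its linker; the struct layout, the function names, the permission bits and the 16-byte record are all assumptions, and a real implementation keeps the tag in hardware rather than in a struct field. The scenario mirrors the linking case the talk is about: a caller hands a library a narrowed, read-only view of its data and the library cannot widen, forge or write through it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Software model of a CHERI-style capability. Assumption: a simplified
 * simulation; real CHERI compresses these fields into a 128-bit register and
 * holds the validity tag out of band so software cannot forge it. */
enum { PERM_LOAD = 1u, PERM_STORE = 2u };

typedef struct {
    uintptr_t base;    /* lowest accessible address */
    size_t    length;  /* size of the accessible region */
    uintptr_t cursor;  /* current address (the pointer value) */
    unsigned  perms;   /* permission bits */
    bool      tag;     /* validity tag; once cleared the capability is dead */
} cap_t;

/* Root capability for a buffer, as an allocator or loader would hand out. */
cap_t cap_for_buffer(void *buf, size_t len, unsigned perms) {
    cap_t c = { (uintptr_t)buf, len, (uintptr_t)buf, perms, true };
    return c;
}

/* Provenance validity: an integer address alone never yields a valid capability. */
cap_t cap_from_integer(uintptr_t addr) {
    cap_t c = { addr, SIZE_MAX, addr, PERM_LOAD | PERM_STORE, false };
    return c;
}

/* Monotonicity: bounds may only shrink. A widening request leaves *c untouched. */
bool cap_set_bounds(cap_t *c, uintptr_t new_base, size_t new_len) {
    if (!c->tag || new_base < c->base || new_len > c->length) return false;
    if (new_base - c->base > c->length - new_len) return false; /* end would move up */
    c->base = new_base;
    c->length = new_len;
    c->cursor = new_base;
    return true;
}

/* Monotonicity for permissions: bits can be dropped, never regained. */
bool cap_drop_perms(cap_t *c, unsigned drop) {
    if (!c->tag) return false;
    c->perms &= ~drop;
    return true;
}

/* Pointer arithmetic just moves the cursor; the check happens at dereference. */
void cap_offset(cap_t *c, ptrdiff_t delta) { c->cursor += (uintptr_t)delta; }

/* The check a capability-aware load or store performs on every access. */
bool cap_check(const cap_t *c, unsigned need, size_t nbytes) {
    if (!c->tag || (c->perms & need) != need) return false;
    if (c->cursor < c->base) return false;
    size_t off = c->cursor - c->base;
    return off <= c->length && nbytes <= c->length - off;
}

bool cap_load_byte(const cap_t *c, uint8_t *out) {
    if (!cap_check(c, PERM_LOAD, 1)) return false;
    *out = *(const uint8_t *)c->cursor;
    return true;
}

bool cap_store_byte(const cap_t *c, uint8_t v) {
    if (!cap_check(c, PERM_STORE, 1)) return false;
    *(uint8_t *)c->cursor = v;
    return true;
}

/* Scenario: a caller owns a 16-byte record (constructed data) and passes a
 * library only a read-only view of bytes 4..7. Returns true when every
 * protection holds and the record is left intact. */
bool demo_library_view(void) {
    uint8_t record[16];
    for (size_t i = 0; i < sizeof record; i++) record[i] = (uint8_t)i;

    cap_t root = cap_for_buffer(record, sizeof record, PERM_LOAD | PERM_STORE);
    cap_t view = root;
    if (!cap_set_bounds(&view, root.base + 4, 4)) return false;
    if (!cap_drop_perms(&view, PERM_STORE)) return false;

    uint8_t b;
    if (!cap_load_byte(&view, &b) || b != 4) return false;  /* in bounds: ok */
    if (cap_store_byte(&view, 0xFF)) return false;          /* store permission gone */
    cap_offset(&view, 4);
    if (cap_load_byte(&view, &b)) return false;             /* byte 8: out of bounds */
    cap_offset(&view, -4);
    if (cap_set_bounds(&view, root.base, sizeof record)) return false; /* cannot widen */

    cap_t forged = cap_from_integer(root.base);
    if (cap_load_byte(&forged, &b)) return false;           /* untagged: rejected */
    return record[4] == 4;                                  /* data untouched */
}

int main(void) {
    printf("library view demo: %s\n", demo_library_view() ? "all checks held" : "FAILED");
    return 0;
}
```

The design point worth noticing is where the work happens: deriving a narrower capability is cheap and unconditional for the owner, while every deref pays the bounds and permission check, so the callee's privilege is bounded by construction rather than by a separate address space.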
Sun 13 Jan
|11:00 - 11:30| Craig Disselkoen (University of California San Diego), Tal Garfinkel (Stanford University), Deian Stefan (University of California San Diego), Conrad Watt (University of Cambridge)
|11:30 - 12:00| Khilan Gudka (University of Cambridge), Alexander Richardson (University of Cambridge), Robert N. M. Watson (University of Cambridge)
|12:00 - 12:30|