Protecting C++ Applications Using CHERI
C++ remains the language of choice for writing large performant server and client applications but lacks memory- and type-safety and is thus vulnerable to spatial and temporal-related security attacks. The CHERI architecture provides fine-grained memory protection in hardware. We have developed the CHERI Clang/LLVM compiler that can compile existing C and C++ programs to CHERI, thus enabling strong memory protection with minimal changes to code. More recently, we have been looking at using CHERI to protect C++ applications: there are many interesting design-space questions as to how the CHERI protection model could be used to protect the C++ run-time (e.g. vtables) and C++ programs in general. We have been investigating some of these through the rendering engine WebKit, commonly used in popular web browsers. This talk will present some of the ways CHERI can be used in the context of C++ with the hope of inviting further discussion.
Sun 13 Jan
|11:00 - 11:30|
Craig DisselkoenUniversity of California San Diego, Tal GarfinkelStanford University, Deian StefanUniversity of California San Diego, Conrad WattUniversity of CambridgeFile Attached
|11:30 - 12:00|
Khilan GudkaUniversity of Cambridge, Alexander RichardsonUniversity of Cambridge, Robert N. M. WatsonUniversity of CambridgeFile Attached
|12:00 - 12:30|