Discover CHERI

Capability Hardware Enhanced RISC Instructions

CHERI security technology improves system security at runtime by extending conventional hardware ISAs with new architectural features. Now that the technology has matured to a point where general use is possible, the CHERI Alliance promotes CHERI as an efficient security standard for the commercial sphere.

Discover the CHERI security technology

The CHERI technology was originally developed by the University of Cambridge. The technology has matured and reached a tipping point where general use becomes possible. The mission of the CHERI Alliance is to provide a framework that will drive and promote CHERI as an efficient security standard so that it is successfully deployed commercially.

Capability Hardware Enhanced RISC Instructions

The CHERI security technology provides a preventive approach that improves system security at runtime by extending conventional hardware ISAs with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalization.

The billions of lines of C code that we use daily rely on pointers to memory, which are inherently risky and very often used by hackers to access data that they are not supposed to view or modify. CHERI replaces pointers with capabilities that prevent these abuses and adds watertight boundaries between different software functions. By construction, these hardware features cannot be bypassed, and a simple code re-compilation is often what it takes to get protected. No need to rewrite billions of lines of code.

The CHERI technology provides the robustness needed to address unexpected software defects and memory vulnerabilities, which would otherwise enable cyberattacks that target memory misuse. These are the most common attacks, which each year represent around 70% of newly detected software vulnerabilities.

For example, many attacks use techniques like “buffer overflows”, where a memory access is performed outside of the normal bounds of a data structure. This is impossible with CHERI because the data buffer’s boundaries are strictly enforced by the hardware. Similarly, CHERI will help identify software defects early by throwing an error if an access lands outside of a buffer, preventing silent bugs that could become harmful in some other use cases.

Some memory access errors are caused by the software designers themselves by not observing or understanding the pitfalls built into the C/C++ programming languages.

By checking the bounds of all memory accesses, both known and future attacks can be mitigated.

CHERI is a horizontal security technology and is not specific to any particular market segment. It provides the reassurance end customers and sensitive applications require across a wide range of industries, from automotive to IoT and defence. As long as software is running in a system, CHERI can protect it.

CHERI extends the base Instruction Set Architecture (ISA) with extended registers and additional instructions to process them. It currently has implementations on Arm, x86, RISC-V and MIPS, but could be implemented for other architectures.

The C in CHERI stands for capability. In security, a capability refers to an unforgeable token that provides a set of access rights. In CHERI, capabilities are used to convey memory access rights that include bounds and permissions. A capability is a replacement for a pointer. Capabilities can be used to check for valid use of all memory accesses and flag exceptions as needed, preventing unexpected behavior in software. Systems without CHERI typically have weak, or even no, runtime checking, so are prone to malfunction through programming errors and malware attacks that go unnoticed. 
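
The bounds and permission checks described above, applied to the buffer-overflow case from the earlier paragraph, as an added example that is not from the original page or any CHERI project: a simplified software model in C, not the hardware capability encoding. The type `cap_t`, the `PERM_*` and `CAP_*` constants and all function names are hypothetical; the rule that a derived capability can only narrow its parent's bounds and permissions is CHERI's monotonicity property, which the page does not spell out.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Simplified software model of a capability; not the hardware encoding. */
enum { PERM_LOAD = 1, PERM_STORE = 2 };
enum { CAP_OK = 0, CAP_TAG = -1, CAP_PERM = -2, CAP_BOUNDS = -3 };

typedef struct {
    uint8_t *base;   /* lowest address the holder may touch */
    size_t length;   /* number of bytes covered */
    unsigned perms;  /* PERM_* bits */
    int tag;         /* 1 = valid; 0 = not usable for any access */
} cap_t;

/* Derive a narrower capability. Bounds and permissions may only shrink;
   an attempt to grow either yields an untagged, unusable capability. */
cap_t cap_restrict(cap_t p, size_t off, size_t len, unsigned perms) {
    cap_t c = { NULL, 0, 0, 0 };
    if (!p.tag || off > p.length || len > p.length - off) return c;
    if (perms & ~p.perms) return c;
    c.base = p.base + off; c.length = len; c.perms = perms; c.tag = 1;
    return c;
}

/* Every store is checked: tag, then permission, then bounds. */
int cap_store(cap_t c, size_t off, const void *src, size_t n) {
    if (!c.tag) return CAP_TAG;
    if (!(c.perms & PERM_STORE)) return CAP_PERM;
    if (off > c.length || n > c.length - off) return CAP_BOUNDS;
    memcpy(c.base + off, src, n);
    return CAP_OK;
}

/* Constructed scenario: a 16-byte name field sits next to a key. Writing
   24 bytes through the field's capability faults; the key is untouched.
   Returns CAP_BOUNDS when both hold, 1 otherwise. */
int demo_overflow(void) {
    uint8_t mem[32] = {0}, input[24];
    memset(mem + 16, 0xAA, 16);             /* the adjacent "key" */
    memset(input, 'A', sizeof input);
    cap_t all = { mem, sizeof mem, PERM_LOAD | PERM_STORE, 1 };
    cap_t name = cap_restrict(all, 0, 16, PERM_STORE);
    int r = cap_store(name, 0, input, sizeof input);
    return (r == CAP_BOUNDS && mem[16] == 0xAA) ? r : 1;
}

int main(void) { return demo_overflow() == CAP_BOUNDS ? 0 : 1; }
```

In this model the overflowing store is rejected as a whole rather than truncated, which mirrors the page's point that an out-of-bounds access raises an error instead of silently corrupting a neighbour.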

CHERI memory protection is “fine-grained” because access permissions can be specified even down to single memory locations, and are checked on all memory accesses. Without fine-grained access checking in hardware, security mechanisms often fall back to simpler methods that provide coarse-grained or “statistical” protection, meaning that they cannot guarantee 100% protection.

CHERI compartmentalization is “fine-grained” and allows the definition of software compartments at any scale from a complete software system down to a single function. Other “coarse-grained” techniques such as Virtual Machines do not offer this flexibility.

CHERI allows a clean isolation of any function or any data structure in the system, effectively creating a watertight boundary that gives the system defense in depth. This is much more efficient than simple separations between “secure” and “unsecure” worlds, which are much too coarse to support the complexity of modern use cases.

CHERI and Rust complement each other.

Rust is a programming language focused on safety, speed, and concurrency, designed to ensure memory safety. Where possible, it is recommended to write new code in safer languages like Rust… but it is obviously impossible to rewrite the trillions of lines of existing code.

Rust relies on FFI (Foreign Function Interface), which calls “unsafe” native libraries written in C/C++. CHERI can be used to enforce memory safety in these libraries, without having to rewrite them. It is therefore necessary to combine Rust and CHERI to get full protection.

There are multiple platforms available currently:

There are many ways to get involved, and you don’t have to be an expert in everything to participate in making the world more secure. It depends on your case:

  • to learn about the technology itself and/or do research, a good starting point is the CHERI area from University of Cambridge
  • to get involved in promoting CHERI, contact us to join the CHERI Alliance and spread the message
  • to start adapting software to CHERI, contact us to know more
  • to design CHERI processors, learn about the technology (see above) and get involved in the RISC-V CHERI SIG
  • to create chips containing CHERI, contact the CHERI Alliance or one of its members that offer CHERI processor IP: Codasip or lowRISC
  • to build modules or products that benefit from CHERI security, contact the CHERI Alliance or one of its members that offer CHERI chips: SCI Semiconductor
  • to accelerate the adoption of CHERI in your industry, contact us to join the CHERI Alliance and help educate various players and decision makers, and to bring your requirements to the technology providers
  • to help educate the engineering community, contact us to join the CHERI Alliance and create reference material that will support development efforts

Resources