70% of vulnerabilities eliminated
Embedded World Exhibition – Nuremberg Messe – Hall 5, booth 5-177
Capabilities Limited is working on a CHERI-enabled version of CVA6, a six-stage dual-issue RISC-V processor maintained by the OpenHW Foundation.
We will demo the processor running on a Genesys2 FPGA, showing how we are able to mitigate classic memory safety vulnerabilities in C/C++ applications running on CHERI-enabled operating systems (CheriBSD, CHERI-Linux, and CHERI-seL4).
The Capable Hub is working to improve the availability, quality and upstream alignment of open-source CHERI software. We will demonstrate a variety of software including Yocto Linux, Zephyr, and seL4, running on CHERI-enabled RISC-V architecture. We will also demonstrate how our hardware-in-loop infrastructure is improving the quality and test coverage of CHERI software.
Using the Codasip Prime CHERI exploration kit, which includes the V739 32-bit CHERI-RISC-V CPU, Codasip will demo an intentionally buggy FreeRTOS application running both without CHERI and in CHERI pure-capability mode, with no changes to the application source code. Three tasks deliberately write beyond buffer bounds. Without CHERI, memory is silently corrupted and execution continues. With CHERI enabled, the out-of-bounds writes are trapped immediately, the fault is handled safely, and corruption of sensitive data is prevented.
Details to follow
A wide variety of demos showcasing the features of the Sonata platform. These demos illustrate how memory safety protection mechanisms can mitigate issues as inspired by real world, observed bugs. The demos highlight how engineers can experiment on resolving real world issues.
