Professor of Computer Engineering. University of Cambridge. UK.
“Making computers fundamentally more secure – the CHERI approach“
20 February 2025
Abstract
Year-on-year memory safety vulnerabilities account for around 70% of all computer security vulnerabilities. The CHERI architecture enhances hardware and software to deterministically mitigate these and other vulnerabilities. In a 14+ year collaboration between University of Cambridge, SRI International, ARM Ltd and others, a full-stack security solution has been produced including the ARM Morello multicore 7nm SoC demonstrator and associated software stack.
Microsoft Security Response Center undertook a substantial study to see how many of their 2019 vulnerabilities (CVEs) could have been mitigated using CHERI; concluding that two thirds would have been completely mitigated to the point where a patch was unnecessary. Microsoft has subsequently produced CHERIoT, an open-source CHERI enhanced RISC-V microcontroller. In 2023 government agencies from USA, Canada, UK, Australia and New Zealand issued the report “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by Design and -Default” that recommends CHERI as the secure hardware foundation. The 2024 White House report “Back to the building blocks: a path toward secure and measurable software” identifies the need for memory safety and commends the CHERI approach.
This talk will present an overview of the technical approach and a summary of some of the many results to-date.
Bio
Simon Moore is a Professor of Computer Engineering at the University of Cambridge Department of Computer Science and Technology (previously the Computer Laboratory) in England, where he conducts research and teaching in the general area of computer architecture with particular interests in secure and rigorously-engineered processors and subsystems
multicore.world 