Making computers fundamentally more secure – the CHERI approach
Year on year, memory safety vulnerabilities account for around 70% of all computer security vulnerabilities. The CHERI architecture enhances hardware and software to deterministically mitigate these and other vulnerabilities. In a 14+ year collaboration between the University of Cambridge, SRI International, ARM Ltd and others, a full-stack security solution has been produced, including the ARM Morello multicore 7nm SoC demonstrator and associated software stack.
The Microsoft Security Response Center undertook a substantial study to see how many of their 2019 vulnerabilities (CVEs) could have been mitigated using CHERI, concluding that two thirds would have been completely mitigated to the point where a patch was unnecessary. Microsoft has subsequently produced CHERIoT, an open-source CHERI-enhanced RISC-V microcontroller. In 2023, government agencies from the USA, Canada, UK, Australia and New Zealand issued the report “Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Security-by-Design and -Default”, which recommends CHERI as the secure hardware foundation. The 2024 White House report “Back to the Building Blocks: A Path Toward Secure and Measurable Software” identifies the need for memory safety and commends the CHERI approach.
This talk will present an overview of the technical approach and a summary of some of the many results to date.