Capability Hardware Enhanced RISC Instructions
Is ring-based privilege separation removable?
Is the process model (with context switch consequence) a must for future applications, while the 64-bit address space is large enough to hold many applications?
If we don’t have process model, all application sharing a single address space, how does the operating system do scheduling? How to run applications on multi-cores?
Achieve a sound and complete pointer analysis by constraining, and/or extending the Arch, PL, and OS designs? For the purpose of formal verification of the entire software stack.
What CHERI cannot protect?
Given the theoretical secure isolation of sandboxes in CHERI, an interesting problem would be whether a cross-domain transition to/from trampoline sandbox is more efficient than the transition to/from kernel. And, how many sandboxes a single address space can have in scale. Or how to design sandbox interaction topology to avoid the bottleneck scenario in the traditional kernel/user architecture where a kernel is the bottleneck.
a secure ‘trampoline’ domain for domain transition. A sandbox that mimics the kernel to maintain a trusted stack that is not visible to all other domains outside.
a ‘distributed’ trampoline sandbox framework for domain transition? Each time a domain invokes another domain, a new ‘trampoline’ domain is created dynamically with its own protected stack and ensures the return address will not be corrupted.
Can we do sound pointer analysis on C program using CHERI LLVM compiler?
Cheri Basics
LLVM purecap hacking:
A toy example in kernel without libcheri, but mostly in assembly.
Cheri Usage:
CheriBSD
CHERI itself:
Bluespec System Verilog source code:
Sealing
… adoption of compartmentalization has been limited by a conflation of hardware primitives for virtual addressing and separation, leading to inherent performance and programmability problems when implementing fine-grained separationi.
Specifically, we seek to decouple the virtualization from separation to avoid scalability problems imposed by translation look-asside buffer (TLB)-based Memory Management Units (MMUs), which impose a very high performance penalty as the number of protectino domains increases, as well as complicating the writing of compartmentalized software.
The CHERI ISA provides a sound and formally based architectural foundation for the principled development of highly trustworthy systems.
CHERI Background Material cite: CHERI Background @RISC-V SIG CHERI CHERI Talks/Videos Motivation for CHERI YouTube video (3-minutes) HotChips 2022 - Talk on Morello (CHERI on ARM): YouTube Slides CHERI Session at RISC-V Week in Paris Slides Industry Announcements about CHERI ARM Morello (CHERI on ARM) Web site Microsoft announce CHERI-RSIC-V embedded core Blog Microsoft security analysis of CHERI Report PDF on GitHub Background Research See the Cambridge CHERI project Web site An introduction to CHERI Report CHERI ISA reference Report More informative introductions:
An implementation of C abstract machine that can run legacy C code with Strong memory protection guarantees.
More [2019 Micro] CHERIvoke: Characterising Pointer Revocation using CHERI Capabilities for Temporal Memory Safety. References: CHERIvoke: Characterising Pointer Revocation using CHERI Capabilities for Temporal Memory Safety. pdf. MICRO, 2019. Overview A new allocator with quanrantine buffer that stores “to-be-revoked” segments. Quanrantine Buffer (delayed sweeping): a list of object addresses that are freed but not safe to be reused yet. These addresses are kept in a cached list of addresses of freed object; addresses in this buffer cannot be reused (not really freed yet); only do sweep when the buffer is full; and address is available for reuse after sweep (here have the real free); sweep all memory that could contain references to the heap; invalidate any capability references that points to any region in the quanrantine buffer; sweep using a shadow map to store revocation metadata (1 bit for every 16-byte granule of the heap; 1⁄128); Revocation Shadow Map: bit-map for quarantined objects (fast look-up): bit-mapped tags for all heap memory; 1-bit for 16 byte of heap; every allocation in quanrantine buffer is ‘painted’ in this map, indicating a to-be-revoked region in the heap; To Sweep: scan all memory for references for each reference, perform a look-up at this map to determine whether to revoke the reference (capability/pointer); use the base of the reference to detect if it is pointing into a revoked object; new allocator dlmalloc_cherivoke to replace dlmalloc.
References: Complete spatial safety for C and C++ using CHERI capabilities Evaluation 1 qsort() microbenchmark: The actual comparison of the integers is performed in a different DSO (Dynamic shared object). MiBench. #### CHERISH Evaluation Cheri sub-object Hardening. MiBench Real issues found in CheriBSD. buffer overflows in jemalloc and libarchive out-of-bounds 2D array write in awk buffer overflow in cheritest layout incompatibility of _Unwind_Exception.
Reference123. Questions Why do we need domain? Globals Across Domains Globals are accessible to all domains, no distinguish. This means if some data is passed from Domain A to Domain B, an unrelated domain, say Domain C, will also have a chance to know the data. Untagged Data Across Domains The untagged data in the argument list is not checked when do a CCall. Is it possible to leak information?
Todos: what is the 1% of the C userspace not adapted to CHERI? Why? Lele: idiom violations/undefined behaviors; need manual change to be adapted. How to prevent confused-deputy attacks via the kernel? How cheri generate dynamically linked programs? What is ABI’s relation with Compilers, OS, and architectures? What is ABI? Motivation/Problems Problem of C C language is not safe. memory errors; injecting, manipulating, or abusing pointers in the run-time environment; explicit: declared data/code pointers; implicit: generated code to implement global variables (PIC, GOT, PLT) or return addresses; by the runtime to implement cross-library control flow.
Reference: CHERI concentrate [ISAv9-draft, Chapter 3.5.4, CHERI Concentrate Compression]() Overview Cheri Concentrate(CC) is a compression scheme applied to CHERI. CC achieves the best published region encoding efficiency, solves important pipeline problems caused by a decompressed register file. Problem The object bounds and permission information encoded in capability pointers cause the largest overhead among all overheads. Thus need a new encoding scheme to reduce overhead, i.e a method for compression and decompression.
References: [1] CHERI ISA v5 (2016), v6(2017), v7 (2019). [2] CheriBSD, github, link. 2016 v5: Initial in-kernel privilege limitation 2017 v6: Mature kernel privilege limitation [3] CHERI programmer’s guide, UCAM-CL-TR-877, 2015. Questions/Proposals Kernel has no capability state during context switch: kernel state How does CheriBSD do memory partition for physical memory tags? In details Kernel Change List Kernel Capability
Reference 1 2 Makefile change FreeRTOS/Demo/RISC-V_Galois_P1/Makefile Makefile fix for Clang/LLVM tools Initial Update Github: CHERI-FreeRTOS ↩ Using FreeRTOS on RISC-V Microcontrollers ↩
CHERI-aware real-time operating system, CheriRTOS. Fine-grained memory protection Secure centralized heap management; Dynamic task loading; Low-latency and direct domain crossing; Distributed trusted stacks to protect return contexts; Secure peripherals. Current limitations MPU limitation MPU is a kernel space device, each register takes multiple cycles to configure; usually configured only globally at system start-up, which makes per-task memory access control difficult; user space cannot leverage it for intra-task protection; MPU entries are limited.
Reference 1 Google Hafnium. Project Oak reference ↩
Reference 1 PCIe to SATA breakout board CHERI Cloud: Bluehive ↩
References: [1] CHERI ISA v5 (2016). Existing formal methodology applied to software security has significant problems with multi-address-space security models; formal approaches have relied on the usefullness of addresses(pointers) as unique names for objects. Whereas this weakness in formal methods is a significant problem for traditional CPU designs, which offser security primarily through rings and address-space translation, CHERI’s capability model is scoped within address spaces. This offers the possibility of applying existing software proof methodology in the context of hardware isolation (and other related properties) in a manner that was previously infeasible.
References: [1] ISA Semantics for ARMv8-A, RISC-V, and CHERI-MIPS. POPL, 2019 [2] CHERI ISA v8, 2020. Basics Architecture specifications define the fundamental interface between hardware and software: the envelope of allowd behaviour for processor implementations, and the basic assumtions for software development and verification. In practise, they are typically prose and pseudocode documents, not rigorous or executable artifacts, leaving software and verification on shaky ground. Sail: an ISA semantic language with dependent type system.
Q & A How two layers tag cache work? How to update the nodes in the layers? How is the tag being set? all caps being originated from one cap: the cap covers entire address space. Each new pointer is created via explict capability. Local pointers Pointers to Global Pointers to Heap How can we propagate the tag? 2017 paper: Tags is cached with the memory they describe within the cache hierarchy.
Reference 1 gABI Morello AArch64 ABI ELF for dynamic linking As in gABI(retrieve date 20221117) Note Section Type Name 0x0 [NT_CHERI_GLOBALS_ABI] 0x1 [NT_CHERI_TLS_ABI] 0x80000000 - 0xffffffff – (Reserved for processor-specific use) NT_CHERI_GLOBALS_ABI, this note describes the ABI variant in use for accessing globals. Capabilities for globals can be obtained in the following different ways. 0x0: CHERI_GLOBALS_ABI_PCREL.
Configure simulator ./memoryconfig (or $CHERI_MEMORY_CONFIG), describes how the hardware should be simulated. Individual simulated hardware periperals are built as shared libraries; The simulator will use dlopen() to load the libraries; Any module specific options are passed to the module at load-time. C-like syntax in the configuration file. module statement to load the simulated device module. device blocks to declare devices by declaring a class. class selects the simulated device type.
Capability Registers vs. Segments. x86 segments (CHERI ISA v7, Chapter 6) The x86 arch first added virtual memory support via relocatable and variable-sized segments. Each segment was assigned a mask of permissions. Memory references were resolved with respect to a specific segment including relocation to a base address, bounds checking, and access checks. Special segments types permitted transitions to and from different protection domains. Key differences with CHERI: x86 addresses are stored as a combination of an offset and a segment spanning two different registers.
References: reference More
References: reference More
References: reference More
References: [CHERI QEMU source code] QEMU Developer’s Guide Translate References: reference More CCall References: target/mips/translate.c // target/mips/translate.c mips_tr_translate_insn() --> gen_branch() // is_slot decode_opc() --> gen_compute_compact_branch() --> gen_branch() // bcond_compute == 0 --> gen_helper_copy_cap_btarget_to_pcc(cpu_env) // MIPS_HFLAG_BRCCALL/MIPS_HFLAG_BRC --> CHERI_HELPER_IMPL(copy_cap_btarget_to_pcc(CPUArchState *env)) More Syscall References: target/mips/translate.c mips_tr_translate_insn() --> decode_opc() // !(ctx->hflags & MIPS_HFLAG_M16) --> decode_opc_special() --> generate_exception_end(ctx, EXCP_SYSCALL) generate_exception_end() -> generate_exception_err() // target/mips/translate.c // generate_exception_end(ctx, EXCP_SYSCALL) --> generate_exception_err(ctx, excp, 0) static inline void generate_exception_err(DisasContext *ctx, MipsExcp excp, int err) { TCGv_i32 texcp = tcg_const_i32(excp); TCGv_i32 terr = tcg_const_i32(err); save_cpu_state(ctx, 1); gen_helper_raise_exception_err(cpu_env, texcp, terr); tcg_temp_free_i32(terr); tcg_temp_free_i32(texcp); ctx->base.
Reference1: Todones Passes to tracking data with attributes, such as privileged; Address space 200 data layout string (Programmer’s Guide, 2015) The data layout string is modified to define the address space for alloca instructions. It is assumed that, within a compilation unit, every alloca returns a pointer in the same address space. By default, this address space is 0, but when targeting the pure-capability ABI, it is set to 200.
Quick pinning CHERI source, good for both lib and kernel: __has_feature(capabilities), used in sys/, bin/, lib/, libexec/, contrib/, include/, stand/, and *.h, *.c; defined(__CHERI__), used in sys/, lib/, contrib/, and *.h, *.c, *.S; Cheri Simulation: Spike: https://github.com/CTSRD-CHERI/TestRIG Cross Reference 1 Cross-compiling for CheriBSD In order to cross-compile projects such as NGINX or PostgreSQL for CheriBSD you will first need a full SDK: cheribuild.py cheribsd-sdk. The you can then run cheribuild.
References: Security Analysis of CHERI ISA, 2021. Windows 8 Heap Internals, BlackHat, USA, 2012. Software Defense: Mitigating Heap Corruption Vulnerabilities An Armful of CHERIs, Security Research & Defense, By Saar Amar, January 20, 2022 Type Confusion Attack Heap Attacks Software Defense: Mitigating Heap Corruption Vulnerabilities Metadata Corruption and Type Confusion Attack Assumption: the metadata is corrupted in some way.
References: Security Analysis of CHERI ISA CHERI ISA V5. From CHERI ISA V5: CHERI allows software privilege to be minimized at two levels of abstraction. architectural least privilege: memory capability. data pointers: against data-oriented vulnerabilities, such as buffer overflows. code pointers: support CFI by preventing corruption of code pointers/return addresses. application-level least privilege: software compartmentalization using object capabilities. More
If you could revise
the fundmental principles of
computer system design
to improve security...
... what would you change?