CFI with CHERI

References:

From CHERI ISA V5:

CHERI allows software privilege to be minimized at two levels of abstraction.

  • architectural least privilege: memory capabilities.

    • data pointers: against data-oriented vulnerabilities, such as buffer overflows.
    • code pointers: support CFI by preventing corruption of code pointers/return addresses.
  • application-level least privilege: software compartmentalization using object capabilities.
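As an added illustration (not part of the original note and not code from the CHERI project), the C program below models in plain software the two architectural-least-privilege checks the list describes: a data capability whose bounds and permissions are checked on every store, a child capability that can only be narrower than its parent, and a code capability whose tag is cleared when ordinary bytes are written over it. The struct layouts, the PERM_* flags and all helper names are constructed for this example; real CHERI enforces the same rules in hardware on every dereference, with the tag held out of band rather than in a struct field.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed software model of CHERI-style capabilities for this note. Real
 * CHERI checks bounds, permissions and the tag in hardware on every access. */
enum { PERM_LOAD = 1u, PERM_STORE = 2u };

typedef struct {
    unsigned char *base;  /* lowest address the capability may reach */
    size_t length;        /* bytes reachable from base */
    unsigned perms;       /* PERM_* bits */
    bool tag;             /* valid? cleared by any non-capability store */
} data_cap;

typedef int (*handler_fn)(int);
typedef struct { handler_fn target; bool tag; } code_cap;  /* code pointer */

static data_cap data_cap_make(void *base, size_t length, unsigned perms) {
    data_cap c = { (unsigned char *)base, length, perms, true };
    return c;
}

/* Cleared tag, missing permission or out-of-bounds range: the access traps. */
static bool data_cap_check(const data_cap *c, size_t off, size_t n, unsigned need) {
    if (!c->tag) return false;
    if ((c->perms & need) != need) return false;
    if (off > c->length || n > c->length - off) return false;
    return true;
}

/* Derivation is monotonic: a child may only shrink bounds or drop permissions. */
static bool data_cap_narrow(const data_cap *parent, size_t off, size_t len,
                            unsigned perms, data_cap *child) {
    if (!parent->tag) return false;
    if (off > parent->length || len > parent->length - off) return false;
    if ((perms & ~parent->perms) != 0) return false;
    *child = data_cap_make(parent->base + off, len, perms);
    return true;
}

/* Bounded store: an overflow is refused rather than silently written. */
static bool data_cap_store(data_cap *dst, size_t off, const void *src, size_t n) {
    if (!data_cap_check(dst, off, n, PERM_STORE)) return false;
    memcpy(dst->base + off, src, n);
    return true;
}

/* A plain byte write over a capability clears its tag, so the corrupted
 * pointer can never be dereferenced afterwards, whatever bytes landed there. */
static void code_cap_clobber(code_cap *c) {
    memset(&c->target, 0x41, sizeof c->target);
    c->tag = false;
}

static bool code_cap_call(const code_cap *c, int arg, int *out) {
    if (!c->tag) return false;  /* untagged: the indirect call is refused */
    *out = c->target(arg);
    return true;
}
static int double_it(int x) { return 2 * x; }

/* Data pointers: 32 bytes into a 16-byte buffer is rejected at the check and
 * the byte after the buffer survives. Returns true when the model held. */
bool demo_data_overflow_blocked(void) {
    struct { unsigned char buf[16]; unsigned char guard; } frame;
    memset(&frame, 0, sizeof frame);
    frame.guard = 0x5a;
    data_cap buf = data_cap_make(frame.buf, sizeof frame.buf, PERM_LOAD | PERM_STORE);
    unsigned char input[32];
    memset(input, 'A', sizeof input);
    bool fits = data_cap_store(&buf, 0, input, 16);
    bool overflow = data_cap_store(&buf, 0, input, sizeof input);
    return fits && !overflow && frame.guard == 0x5a && frame.buf[15] == 'A';
}

/* Least privilege by derivation: a read-only view of half the buffer cannot
 * store, and no child can be wider or more privileged than its parent. */
bool demo_monotonic_derivation(void) {
    unsigned char storage[16] = {0};
    data_cap parent = data_cap_make(storage, sizeof storage, PERM_LOAD | PERM_STORE);
    data_cap view, wider, stronger;
    bool ok = data_cap_narrow(&parent, 0, 8, PERM_LOAD, &view);
    bool store_refused = !data_cap_store(&view, 0, "x", 1);
    bool widen_refused = !data_cap_narrow(&view, 0, 16, PERM_LOAD, &wider);
    bool escalate_refused = !data_cap_narrow(&view, 0, 8, PERM_STORE, &stronger);
    return ok && store_refused && widen_refused && escalate_refused;
}

/* Code pointers: the call works while the tag is intact; once plain bytes are
 * written over the pointer the tag is gone and the call is refused. */
bool demo_code_pointer_protected(void) {
    code_cap cb = { double_it, true };
    int r = 0;
    bool before = code_cap_call(&cb, 21, &r) && r == 42;
    code_cap_clobber(&cb);
    bool after = code_cap_call(&cb, 21, &r);
    return before && !after;
}
```

The three demo functions each return true when the modelled check held. The code-pointer case is the CFI point of the note: the corrupted pointer is not detected by inspecting its value but by the tag that any non-capability write destroys, which is what makes return addresses and function pointers unforgeable under CHERI.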

Created Feb 10, 2022 // Last Updated Feb 14, 2022
