Complete Spatial Safety for C and C++ using CHERI capabilities

References:

Evaluation 1

  • qsort() microbenchmark: the actual comparison of the integers is performed in a different DSO (dynamic shared object), so each comparison crosses a DSO boundary.

  • MiBench.

#### CHERISH evaluation: CHERI sub-object hardening

  • MiBench

  • Real issues found in CheriBSD.

    • buffer overflows in jemalloc and libarchive
    • out-of-bounds 2D array write in awk
    • buffer overflow in cheritest
    • layout incompatibility of _Unwind_Exception: two differing declarations of struct _Unwind_Exception, used for thread unwinding and for C++ exceptions, are not layout-compatible.
  • Memory protection benefit evaluation

    • BOdiagsuite: suite of 291 programs by Kratkiewicz [1]. Used by Hardbound [2] and CheriABI.
    • Juliet CWE test suite [3]: contains no sub-object overflows.
    • Compare against:
      • ASan
      • Stack canaries
      • _FORTIFY_SOURCE
      • Valgrind
      • EffectiveSan
      • SoftBound-CETS
      • CheriABI

PostgreSQL, WebKit.

More


  1. BOdiagsuite.
  2. Hardbound.
  3. Juliet CWE.
Created Sep 1, 2020 // Last Updated Jul 13, 2021
