Webinar – CHERI: Fine-Grained Memory Protection to Prevent Cyber Attacks

Cyber attacks are top of mind for just about everyone these days. As massive AI data sets become more prevalent (and more valuable), data security is no longer “nice to have”. Rather, it becomes critical for continued online operation and success. The AI discussion is a double-edged sword as well. While AI enables many new and life-changing capabilities, it has also enabled very sophisticated data breaches. Codasip is presenting a webinar soon that provides a powerful new capability to significantly reduce the data security risks faced by advanced systems. If you worry about these topics, this webinar is a must-see event. A registration link is coming, but first let’s look at what you’ll learn about a technology called CHERI and how it delivers fine-grained memory protection to prevent cyber attacks.

Watch the Replay

About the Webinar

Capability Hardware Enhanced RISC Instructions (CHERI) technology was developed at the University of Cambridge as the result of research aimed at revisiting fundamental design choices in hardware and software to improve system security. CHERI has been covered on SemiWiki previously. You can find several posts on the technology here. The headline news in these posts is that Codasip is the first to deliver a production implementation of CHERI for the RISC-V ISA.

The implications of this are significant. The Codasip webinar does a great job explaining the history, details, and capabilities of CHERI. You will learn what this technology can do and how to use it on your next project. There are two webinar presenters who cover a lot of ground in a relatively short amount of time. The entire webinar, including a very informative Q&A session is just over 30 minutes. Here is some background on the presenters:

Carl has over 30 years of experience developing software and securing embedded systems and processors. Carl now works as a Safety & Security Architect at Codasip, where he evaluates leading-edge security and safety technology and leads its adoption and implementation into Codasip’s products.

Andrew started his 20+ year career in security working on the IP and architectures for complex Pay-TV System-on-Chips. This paved the way to many years of consultancy for semiconductor and product manufacturers. He now also works as a Safety & Security Architect at Codasip, where he looks after the system aspects of security and helps with the ISO 26262 and ISO 21434 certification of products.

Let’s look at the topics these gentlemen cover in the upcoming webinar.

Webinar Details

Here are the main topics covered during the webinar. I’ll provide a taste of what you will learn.

Software Security Vulnerabilities

There is an incredible statistic about the root cause of cyber vulnerabilities. It turns out that for many years, about 70% of the attacks can be traced to exploitation of memory weaknesses. Carl and Andrew dive into this incredible statistic. You will learn a lot about the roots of memory weaknesses and how to address these issues at the architectural level. Some great history is also presented.

What is CHERI?

We already covered what the acronym stands for. CHERI is an extension of a processor ISA that enables robust memory access mechanisms with a software/hardware design paradigm. A core part of the technology is something called capability-based addressing. This approach has been around since the 1960s. What is new is the approach to add capabilities to contemporary ISAs.

A capability is a token or “key” that grants the bearer the authority to access a specific resource or perform a specific operation. The webinar dives into the details of how this security approach can have significant impact.

How Can CHERI be Used?

Several examples are explored in this section that illustrate the application of CHERI to address real-world security challenges. The discussion begins with an illustration of protection of data in a stack. A very interesting discussion on compartmentalization then follows.

Software Impact

Here is where the webinar presenters dig into how CHERI works for real-world problems. It turns out there are no major re-writes required to enhance security with CHERI. Re-compiling the application with a CHERI-enabled compiler will produce a large impact with small effort.

More details of approaches to implement CHERI are also presented, along with a discussion of impact on code size and memory usage. A lot of detail is presented.

Codasip’s CHERI Implementation

In the final segment of the webinar, the history and focus of Codasip is presented, along with significant details about the CHERI-enabled technology available from Codasip. The work the company is doing with many partners across the ecosystem is also explained. The graphic at the top of this post is a depiction of the breadth of this work.

This is followed by an excellent Q&A session that covers many probing and some provocative topics. All-in-all, a great use of a half hour!

To Learn More

You can register for the webinar replay here, don’t miss it! And that’s how CHERI delivers fine-grained memory protection to prevent cyber attacks.