A new chip security consortium known as the CHERI Alliance has emerged with a primary goal of safeguarding data stored in hardware memory against cyber attacks. The alliance advocates for a protection model that segregates hardware and software to block hackers from injecting harmful code into memory, subsequently preventing them from seizing control of systems or pilfering data.
According to a statement released by the CHERI Alliance, approximately 70% of cyber attackers exploit memory vulnerabilities as entry points for their attacks. In response to this alarming statistic, the consortium is gearing up for a formal launch scheduled for September of this year.
Tora Fridholm, a spokesperson for the alliance, pointed out that traditional methods of addressing memory vulnerabilities often fall short, either leaving gaps in security or proving impractical. What sets CHERI apart is its deployment of fine-grained memory protection, a unique technology that effectively thwarts such issues without imposing significant overhead.
The focus of the CHERI Alliance extends to securing memory in ARM, MIPS, and RISC-V architectures, which dominate the realm of edge devices. The consortium boasts a lineup of supporting entities including the University of Cambridge, the FreeBSD Foundation, Capabilities Limited, lowRISC, and SCI Semiconductor. Despite ARM’s prevalence in the microcontroller and mobile markets, the company has yet to join the alliance.
Recent memory-bound vulnerabilities have plagued ARM-based processors, exemplified by incidents such as the exploitation of GPU memory accessibility and the emergence of vulnerabilities like Meltdown and Spectre variants. These vulnerabilities have allowed cyber attackers to manipulate and compromise memory systems.
The roots of the CHERI program can be traced back to 2010 when it evolved as a collaborative research effort involving the University of Cambridge and SRI International. Originally financed by DARPA’s CRASH program, the researchers developed a hardware platform based on CHERI with built-in memory protection capabilities. Microsoft’s Security Response Center reviewed ARM’s prototype Morello board with CHERI extensions and proposed enhancements to enhance its design.
A thorough research paper published earlier this year expounded on CHERI as a comprehensive hardware-software capability-based system that extends various elements of the computing ecosystem to ensure robust pointer and memory safety. Furthermore, CHERI researchers have devised toolkits to assist C and C++ programmers in implementing memory protection measures within their code. Unlike newer development tools like Rust that feature automatic memory protection mechanisms, C++ necessitates manual intervention to fortify memory security, underscoring the importance of diligent memory protection practices.
In conclusion, the emergence of the CHERI Alliance signifies a concerted effort to fortify memory security and combat cyber threats targeting hardware memory. By pioneering innovative fine-grained memory protection technologies, the consortium aims to raise the bar in safeguarding critical data and systems against malicious intrusions.