CHERI kills cyberattacks with ‘bounded’ software

Cybersecurity is one of the most important topics of this age, but what are companies doing to truly hinder attackers from digging down into your devices once they are compromised? Codasip’s CHERI technology aims to stop attackers in their tracks!

At Embedded World 2024, ipXchange chatted with Andy from Codasip about a remarkable security instruction set architecture that has been 14 years in the making: CHERI (Capability Hardware Enhanced RISC Instructions). In fact, it won the Embedded Award 2024 for Safety & Security, so what does CHERI do exactly?

As Andy explains, CHERI is a spatial memory protection technology, and Codasip is the first company to have brought this to market within a highly verified processing core. CHERI enables fine-grained protection of device memory and compartmentalisation of software so that a hacker is unable to access other parts of a system through its weakest point of entry.

Software typically has ‘pointers’, but CHERI replaces these with ‘capabilities’, which have an address, bounds, and permissions. Unlike pointers, which can be manipulated so that the program acts beyond its original purpose and location in a system, the bounds of capabilities prevent you – or a hacker – from doing this without the act being detected by the hardware.

The permissions also limit what the program can do with a capability, and once created, a CHERI capability can only have its bounds or permissions decreased. It must also be created from another capability with equal or wider bounds.

This means that a hacker cannot create a capability that enables access to more of a system than was intended, which is why CHERI offers great protection against cybersecurity threats that are designed to spread throughout a system.
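The capability rules described above (bounds, permissions, and derivation that can only narrow), modelled in plain C as an added example. It is not Codasip's code or the real CHERI encoding, and `cap_t`, `cap_root`, `cap_derive` and `cap_store_byte` are hypothetical names; a `false` result marks where CHERI hardware would refuse the operation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Software model only: real CHERI enforces these rules in hardware. */
enum { PERM_LOAD = 1u, PERM_STORE = 2u };

typedef struct {
    uintptr_t addr, base, top;  /* address; bounds are [base, top) */
    unsigned  perms;            /* PERM_* bits */
    bool      valid;            /* stands in for "hardware accepts this capability" */
} cap_t;

static uint8_t heap[64];        /* constructed sample memory */

/* Root capability covering all of the sample memory with every permission. */
cap_t cap_root(void) {
    uintptr_t b = (uintptr_t)heap;
    return (cap_t){ b, b, b + sizeof heap, PERM_LOAD | PERM_STORE, true };
}

/* Derive a child: bounds and permissions may shrink, never grow. */
cap_t cap_derive(cap_t p, uintptr_t base, size_t len, unsigned perms) {
    bool ok = p.valid && base >= p.base && base <= p.top
              && len <= p.top - base && (perms & ~p.perms) == 0;
    return (cap_t){ base, base, base + len, perms, ok };
}

/* Store one byte at addr+off; false is where the hardware would fault. */
bool cap_store_byte(cap_t c, size_t off, uint8_t v) {
    if (!c.valid || !(c.perms & PERM_STORE)) return false;
    if (off >= c.top - c.addr) return false;   /* outside the bounds */
    *(uint8_t *)(c.addr + off) = v;
    return true;
}

int main(void) {
    cap_t buf = cap_derive(cap_root(), (uintptr_t)heap + 16, 8, PERM_LOAD | PERM_STORE);
    cap_t ro  = cap_derive(buf, buf.base, 8, PERM_LOAD);
    printf("in-bounds store:   %d\n", cap_store_byte(buf, 7, 0x41));
    printf("one past the end:  %d\n", cap_store_byte(buf, 8, 0x41));
    printf("store via ro cap:  %d\n", cap_store_byte(ro, 0, 0x41));
    printf("widen bounds:      %d\n", cap_derive(buf, buf.base, 16, PERM_LOAD).valid);
    printf("regain STORE:      %d\n", cap_derive(ro, ro.base, 8, PERM_STORE).valid);
    return 0;
}
```

With an ordinary pointer, the store one byte past the end would silently overwrite the neighbouring data in `heap`; in this model it is rejected and the neighbour is left untouched.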

Partitioning of memory and software permissions in this way is essential for ensuring safe and secure systems in the field, where 70% of all security vulnerabilities are caused by memory-related phenomena. A security attack is simply a chain of vulnerabilities, and CHERI’s spatial memory protection breaks that chain of attack.

Codasip has implemented CHERI on its A730 64-bit application processor, which has been fully optimised for running CHERI from the start of its development. Using Codasip Studio, Codasip’s software development tool, engineers can implement and evaluate this technology on an FPGA board like the Digilent one shown in this interview.

If you’re interested in trying out Codasip’s CHERI technology for your next commercial project, follow the link to the board page below and fill in the form to get connected!

Keep designing!

Love RISC-V? Here are some other interesting interviews from ipXchange about this highly discussed architecture:

A RISC-V MCU that works solely on ambient energy

Custom RISC-V processors tailored to your application requirements

An expertly crafted 64-bit RISC-V core in an affordable single-board computer for industrial IoT
