Cybersecurity is one of the most important topics of this age, but what are companies doing to truly hinder attackers from digging down into your devices once they are compromised? Codasip’s CHERI technology aims to stop attackers in their tracks!
At Embedded World 2024, ipXchange chatted with Andy from Codasip about a remarkable security instruction set architecture that has been 14 years in the making: CHERI (Capability Hardware Enhanced RISC Instructions). In fact, it won the Embedded Award 2024 for Safety & Security, so what does CHERI do exactly?
As Andy explains, CHERI is a spatial memory protection technology, and Codasip is the first company to have brought this to market within a highly verified processing core. CHERI enables fine-grained protection of device memory and compartmentalisation of software so that a hacker is unable to access other parts of a system through its weakest point of entry.
Software typically has ‘pointers’, but CHERI replaces these with ‘capabilities’, which have an address, bounds, and permissions. Unlike, pointers, which enable you to manipulate the program so that it can act beyond its original purpose and location in a system, the bounds of capabilities prevent you – or a hacker – from doing this without the act being detected by the hardware.
These permissions also limit what that capability of the program can do, and CHERI’s capabilities can only decrease their bounds or permissions once created. They must also be created by another capability with equal or wider bounds.
This means that a hacker cannot create a capability than enables it to access more of a system than was intended, hence why CHERI offers great protection against cybersecurity threats that are designed to spread throughout a system.
Partitioning of memory and software permissions in this way is essential for ensuring safe and secure systems in the field, where 70% of all security vulnerabilities are caused by memory-related phenomena. A security attack is simply a chain of vulnerabilities, and CHERI’s spatial memory protection breaks that chain of attack.
Codasip has implemented CHERI on its A730 64-bit application processor, which has been fully optimised for running CHERI from the start of its development. Using Codasip studio, Codasip’s software development tool, engineers can implement and evaluate this technology on an FPGA board like the Digilent one shown in this interview.
If you’re interested in trying out Codasip’s CHERI technology for your next commercial project, follow the link to the board page below and fill in the form to get connected!
Keep designing!
Love RISC-V? Here’s some other interesting interviews from ipXchange about this highly discussed architecture:
A RISC-V MCU that works solely on ambient energy
Custom RISC-V processors tailored to your application requirements
An expertly crafted 64-bit RISC-V core in an affordable single-board computer for industrial IoT
You must be signed in to post a comment.
Comments
No comments yet