CHERI kills cyberattacks with ‘bounded’ software

By Jake Morris


Cybersecurity is one of the most important topics of this age, but what are companies doing to truly hinder attackers from digging down into your devices once they are compromised? Codasip’s CHERI technology aims to stop attackers in their tracks!

At Embedded World 2024, ipXchange chatted with Andy from Codasip about a remarkable security instruction set architecture that has been 14 years in the making: CHERI (Capability Hardware Enhanced RISC Instructions). In fact, it won the Embedded Award 2024 for Safety & Security, so what does CHERI do exactly?

As Andy explains, CHERI is a spatial memory protection technology, and Codasip is the first company to have brought this to market within a highly verified processing core. CHERI enables fine-grained protection of device memory and compartmentalisation of software so that a hacker is unable to access other parts of a system through its weakest point of entry.

Software typically uses ‘pointers’, but CHERI replaces these with ‘capabilities’, which have an address, bounds, and permissions. Unlike pointers, which can be manipulated so that a program acts beyond its original purpose and location in a system, the bounds of capabilities prevent you – or a hacker – from doing this without the act being detected by the hardware.

The permissions limit what a program can do through that capability, and a capability’s bounds and permissions can only be decreased once it has been created. A capability must also be created from another capability with equal or wider bounds.

This means that a hacker cannot create a capability that enables access to more of a system than was intended, which is why CHERI offers great protection against cybersecurity threats that are designed to spread throughout a system.
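The rules described above (bounds, permissions, and derivation that can only narrow) can be sketched as a small software model. This is an added example, not Codasip's code or the CHERI instruction set; the names `cap_t`, `cap_derive`, `cap_load` and `cap_store` are hypothetical, and on CHERI hardware the processor performs these checks itself.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { PERM_LOAD = 1u, PERM_STORE = 2u };

/* Model of a capability: address, bounds, permissions, plus a validity flag. */
typedef struct {
    uint8_t *base;   /* address (lower bound) */
    size_t   length; /* bounds: valid indexes are 0..length-1 */
    unsigned perms;  /* PERM_* bits */
    bool     valid;  /* false when a derivation broke the rules */
} cap_t;

/* Derive a child capability: bounds and permissions may shrink, never grow. */
static cap_t cap_derive(cap_t parent, size_t start, size_t len, unsigned perms) {
    cap_t invalid = { NULL, 0, 0, false };
    if (!parent.valid) return invalid;
    if (start > parent.length || len > parent.length - start) return invalid;
    if (perms & ~parent.perms) return invalid;
    return (cap_t){ parent.base + start, len, perms, true };
}

/* Checked accesses: 'false' stands in for the fault real hardware would raise. */
static bool cap_load(cap_t c, size_t i, uint8_t *out) {
    if (!c.valid || !(c.perms & PERM_LOAD) || i >= c.length) return false;
    *out = c.base[i];
    return true;
}
static bool cap_store(cap_t c, size_t i, uint8_t v) {
    if (!c.valid || !(c.perms & PERM_STORE) || i >= c.length) return false;
    c.base[i] = v;
    return true;
}

int main(void) {
    uint8_t mem[32] = {0};  /* constructed sample memory */
    uint8_t v = 0;
    /* Root capability over the whole buffer, created directly for the demo. */
    cap_t root = { mem, sizeof mem, PERM_LOAD | PERM_STORE, true };
    cap_t part = cap_derive(root, 0, 16, PERM_LOAD); /* first half, read-only */
    printf("load in bounds:       %d\n", cap_load(part, 15, &v));
    printf("load past bounds:     %d\n", cap_load(part, 16, &v));
    printf("store, no permission: %d\n", cap_store(part, 0, 1));
    printf("widen to 32 bytes:    %d\n", cap_derive(part, 0, 32, PERM_LOAD).valid);
    return 0;
}
```

Code holding only `part` can read the first 16 bytes and nothing else; every attempt to reach further, write, or re-derive a wider capability is rejected.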

Partitioning of memory and software permissions in this way is essential for ensuring safe and secure systems in the field, where 70% of all security vulnerabilities are caused by memory-related phenomena. A security attack is simply a chain of vulnerabilities, and CHERI’s spatial memory protection breaks that chain of attack.

Codasip has implemented CHERI on its A730 64-bit application processor, which has been fully optimised for running CHERI from the start of its development. Using Codasip Studio, Codasip’s software development tool, engineers can implement and evaluate this technology on an FPGA board like the Digilent one shown in this interview.

If you’re interested in trying out Codasip’s CHERI technology for your next commercial project, follow the link to the board page below and fill in the form to get connected!

Keep designing!

Love RISC-V? Here are some other interesting interviews from ipXchange about this highly discussed architecture:

A RISC-V MCU that works solely on ambient energy

Custom RISC-V processors tailored to your application requirements

An expertly crafted 64-bit RISC-V core in an affordable single-board computer for industrial IoT
