The CHERI Alliance - getting memory safety into all devices
Description
The worldwide cost of cyberattacks now reaches an estimated $10 trillion per year. Memory safety issues continue to be the main source of cyber security problems and have consistently represented ~70% of vulnerabilities over the past 20 years. Therefore, there is a strong and increasing interest in CHERI (Capability Hardware Enhanced RISC Instructions), a technology that mitigates memory safety vulnerabilities by design. It provides security features at the hardware level that can be leveraged by the software to provide more robust security. It has been developed by University of Cambridge and other research labs, and after 14 years of improvement and tuning, it is now ready to go into products. However, getting the industry to adopt a new security technology requiring new hardware, is not something that will happen without a proactive and coordinated effort. This is the goal of the CHERI Alliance, a non-profit organisation created to accelerate the adoption of the technology. This talk provides an overview of the CHERI technology: the benefits it provide, an overview of how it works, and the constraints associated with its integration. It also introduces the CHERI Alliance: its objectives, its means and its roadmap.
.png)
