CTSRD – Rethinking the hardware-software interface for security
|June 2016: We have now posted the
CHERI ISAv5 specification, which
improves the maturity of 128-bit capabilities, code efficiency, and
description of the protection model.|
|June 2016: We have now posted our
ASPLOS 2017 paper, CHERI-JNI:
Sinking the Java security model into the C, which explores how CHERI
capabilities can be used to support sandboxing with safe and efficient
memory sharing between Java Native Interface (JNI) code and the Java Virtual
Clean Slate Trustworthy Secure Research and Development (CTSRD - pronounced "custard") is a joint research project between SRI
International's Computer Science Laboratory and the University of Cambridge Computer
Laboratory, supported by DARPA (part of the DARPA CRASH programme) and
The project is revisiting the hardware-software security interface for
general-purpose CPUs to fundamentally improve security; to this end, we are
integrating a hybrid capability model and continuous hardware-assisted
validation of security design principles with a commodity CPU ISA and open
source operating systems.
We are pursuing several new software/hardware features as part of this
There is a strong interest, throughout, in judiciously applying formal
methodology and bringing formally grounded techniques to mainstream hardware
and software development.
This work has motivated the creation of the Bluespec Extensible RISC
Implementation (BERI), an open-source platform for research into the
hardware-software interface, with a BSD-licensed operating system and
toolchain based on FreeBSD and Clang/LLVM.
We are using open source, wherever possible, to transition new technologies
into mainstream use.
CTSRD builds on long past experience at both institutions in security and
systems research, including Multics, PSOS, the Newcastle DSS, separation
kernels, the DARPA CHATS programme, PVS/SAL/YICES, LynuxWorks, the CAP
computer, the MAC Framework, multi-threaded CPU design, Xen, Capsicum, and