Computer Laboratory

CTSRD – Rethinking the hardware-software interface for security


Newsflash - June 18 2014: the BERI/CHERI source code is now available for download! Physical build specs for the Terasic DE4-based tablet are online, as is FreeBSD OS support for BERI, which was merged to FreeBSD 10.0 in August 2012.
Newsflash - April 2014: Our first full paper on CHERI, The CHERI capability model: Revisiting RISC in an age of risk, was presented at the International Symposium on Computer Architecture (ISCA) in June 2014.
Newsflash - December 2013: Robert Watson has posted a blog article 2013 Capsicum year in review describing research and deployment progress for Capsicum in 2013.

CTSRD is a joint research project between SRI International's Computer Science Laboratory and the University of Cambridge Computer Laboratory, supported by DARPA (part of the DARPA CRASH programme) and Google. The project is revisiting the hardware-software security interface for general-purpose CPUs to fundamentally improve security; to this end, we are integrating a hybrid capability model and continuous hardware-assisted validation of security design principles with a commodity CPU ISA and open source operating systems. We are pursuing several new software/hardware features as part of this research:

There is a strong interest, throughout, in judiciously applying formal methodology and bringing formally grounded techniques to mainstream hardware and software development. This work has motivated the creation of the Bluespec extensible RISC implementation – an open-source platform for research into the hardware-software interface, with a BSD-licensed operating system and toolchain based on FreeBSD and Clang/LLVM. We are using open source, wherever possible, to transition new technologies into mainstream use.

CTSRD builds on long past experience at both institutions in security and systems research, including Multics, PSOS, the Newcastle DSS, separation kernels, the DARPA CHATS programme, PVS/SAL/YICES, LynuxWorks, the CAP computer, the MAC Framework, multi-threaded CPU design, Xen, Capsicum, and MirageOS.

News media