CTSRD – Project news
- May, 2016
We have now posted slides from the first CHERI microkernel workshop, which took place in Cambridge, UK in April 2016.
- April, 2016
The first CHERI microkernel workshop took place in Cambridge, UK on 23 April 2016, drawing attendees from SRI International, the University of Cambridge, T U Dresden, ETH Zurich, George Washington University, ARM, Broadcom, Google, and Hewlett Packard Labs, and Oracle.
- February, 2016
We have posted Qemu-CHERI, an ISA-level simulation of CHERI MIPS, to complement our HDL prototypes. Qemu-CHERI runs CheriBSD, providing an accessible CHERI experimentation environment.
- November, 2015
- October, 2015
Khilan Gudka has presented our paper on SOAAP, a tool to explore and evaluate compartmentalised software at ACM CCS 2015.
- August, 2015
Our paper on SOAAP, an analysis tool to explore and evaluate compartmentalised software, has been accepted to ACM CCS 2015.
- May, 2015
Our third full paper on CHERI, CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization, was presented at the IEEE Symposium on Security and Privacy (Oakland) in May 2015. This paper discusses the hardware-software object-capability model used for software compartmentalisation on CHERI.
We have made a new release of the BERI/CHERI source code, which has been updated for our most recent architectural changes described in our ASPLOS and Oakland papers, and includes everything necessary to synthesise BERI on an Altera FPGA.
- April, 2015
Our second full paper on CHERI, Beyond the PDP-11: Processor support for a memory-safe C abstract machine was presented at ASPLOS in March and received the Audience choice: Best presentation award. This paper discusses convergence of ideas about fat pointers and capabilities needed to support widely used C-language code idioms when compiling for CHERI.
- December, 2014
- June, 2014
We have now open sourced the BERI processor and its software stack, making available a high-quality RISC processor implementation and associated operating-system, compiler, and application stacks suitable for hardware-software teaching and research. This release includes full support for the CHERI ISA, which supports fine-grained memory protection and scalable software compartmentalization. This release coincides with presentation of our paper on the CHERI memory model at ISCA 2014.
- April, 2014
Our first full paper on CHERI, The CHERI capability model: Revisiting RISC in an age of risk, will be presented at the International Symposium on Computer Architecture (ISCA) in June 2014.
We have now posted our paper on TESLA, presented at EuroSys 2014 in Amsterdam, The Netherlands. TESLA is a Clang/LLVM-based dynamic temporal assertion system that we have used to validate complex security properties, such as check-before-use, in operating systems, applications, and also security test suites.
- February, 2014
- The University of Cambridge Computer Laboratory has posted a job ad for multiple research assistants and post-doctoral researchers to work in the areas of operating-system, compiler, and CPU security. These roles will contribute to our CHERI, TESLA, and SOAAP projects, as well as support an open-source hardware-software research community we hope to develop around the CHERI processor.
- December, 2013
Robert Watson has written a Light Blue Touchpaper blog post, 2013 Capsicum year in review, describing research and deployment progress for Capsicum in 2013.
- October, 2013
We have now created a BERI open-source downloads web page that includes links to the hardware specs and build instructions for our Terasic DE4-based tablet, FreeBSD OS support, test suite, and shortly, open-source Bluespec designs.
Google has announced Capsicum for Linux, an adaptation of the Linux kernel to support Capsicum capability mode, capabilities, and process descriptors. This follows on the heels of ports of Capsicum to DragonFlyBSD, and news that FreeBSD 10.0 will ship with Capsicum enabled by default – along with several key applications sandboxed with Capsicum "out of the box".
- August, 2013
- We have open sourced Smten, a programming and SMT orchestration tool intended to support computer-aided verification of hardware designs, such as the CHERI processor, presented at CAV 2013.
- June, 2013
- We have open sourced the hardware specs and build instructions for our Terasic DE4-based tablet design. We use this tablet platform to host our BERI and CHERI processors.
- April, 2013
- The University of Cambridge Computer Laboratory has posted two job ads for the CTSRD project: research assistant and post-doctoral research associate positions in processor, operating system, and compiler security. Please see the job ads or recent blog post for further details.
- December 2012
- IEEE Spectrum has posted a Techwise Conversations podcast with Robert Watson discussing the clean-slate argument for computer security in operating systems and computer architecture.
- October 2012
The New York Times has posted an article on Peter G. Neumann and our work on clean-slate host and network security as part of their Science section.
ACM Queue has posted a video interview with Robert Watson, CTSRD project lead at Cambridge on the topic of research into the hardware-software interface, as well as the CHERI processor.
An early prototype of our SOAAP toolchain is now available for download.
- September 2012
- We have now posted a workshop paper describing the Security-Oriented Analysis of Application Programs (SOAAP) at the Workshop on Adaptive Host and Network Security (AHANS 2012) in Lyon, France.
- August 2012
- BERI support for the FreeBSD operating system has been committed to the FreeBSD Subversion repository, and will be included in FreeBSD 10.0.
- March 2012
- We have now posted a workshop paper describing our goals in the CHERI project. This paper was presented at RESoLVE 2012 in London.
- February 2012
- Communications of the ACM Research Highlights carries two articles on Capsicum, a hybrid capability system model developed in collaboration between the University of Cambridge and Google Research. Capsicum introduces new operating system primitives in support of application compartmentalisation, the fine-grained decomposition of software applications into independently sandboxed components in order to mitigate security vulnerabilities.
- January 2012
- FreeBSD 9.0 ships with experimental support for Capsicum! Learn more about Capsicum below.