Department of Computer Science and Technology

CTSRD

CTSRD publications

New to the CHERI architecture? Start by reading our technical report, An Introduction to CHERI. This is a high-level summary of our work on CHERI architecture, microarchitecture, formal modeling, and software. As CHERI has evolved significantly over time, this report provides the best introduction to, and overview of, our approach. Individual papers address narrower focuses, such as C-language support or capability bounds compression, and address specific snapshots of our design during the research and development life cycle.

Want to learn more? Our most recent CHERI instruction-set specification, CHERI ISAv9, replaces CHERI-MIPS with CHERI-RISC-V as our primary reference architecture, CHERI-MIPS is removed, merged files are always used, tags are cleared in preference to exception throwing for non-monotonic capability modification, and DDC/PCC no longer relocate memory accesses by default. CHERI-RISC-V is substantially refined in preparation for standardisation. The CHERI-x86 sketch is now substantially more detailed.

Research conference and journal papers

  • Nathaniel Wesley Filardo, Brett F. Gutstein, Jonathan Woodruff, Jessica Clarke, Peter Rugg, Brooks Davis, Mark Johnston, Robert Norton-Wright, David Chisnall, Simon W. Moore, Peter G. Neumann, and Robert N. M. Watson. Cornucopia Reloaded: Load Barriers for CHERI Heap Temporal Safety. Proceedings of ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS'24). San Diego, CA, USA, April 27 - May 1, 2024.
  • Franz A. Fuchs, Jonathan Woodruff, Peter Rugg, Marno van der Maas, Alexandre Joannou, Alexander Richardson, Jessica Clarke, Nathaniel Wesley Filardo, Brooks Davis, John Baldwin, Peter G. Neumann, Simon W. Moore, and Robert N. M. Watson. Architectural Contracts for Safe Speculation . Proceedings of the 2023 IEEE 41st International Conference on Computer Design (ICCD). Washington, DC, USA, November 6-8, 2023.
  • Saar Amar, David Chisnall, Tony Chen, Nathaniel Wesley Filardo, Ben Laurie, Kunyan Liu, Robert Norton, Simon W. Moore, Yucong Tao, Robert N. M. Watson, and Hongyan Xia. CHERIoT: Complete Memory Safety for Embedded Devices. Proceedings of the 56th IEEE/ACM International Symposium on Microarchitecture (MICRO 2023). Toronto, Canada, October 28-November 1 2023.
  • Richard Grisenthwaite, Graeme Barnes, Robert N. M. Watson, Simon W. Moore, Peter Sewell, and Jonathan Woodruff. The Arm Morello Evaluation Platform—Validating CHERI-Based Security in a High-Performance System, IEEE Micro, vol. 43, no. 3, pp. 50-57, May-June 2023, doi: 10.1109/MM.2023.3264676.
  • Thomas Bauereiss, Brian Campbell, Thomas Sewell, Alasdair Armstrong, Lawrence Esswood, Ian Stark, Graeme Barnes, Robert N. M. Watson, and Peter Sewell. Verified Security for the Morello Capability-enhanced Prototype Arm Architecture, 31st European Symposium on Programming (ESOP 2022), May 2022.
  • Franz Fuchs, Jonathan Woodruff, Simon W. Moore, Peter G. Neumann, and Robert N. M. Watson. Developing a Test Suite for Transient-Execution Attacks on RISC-V and CHERI-RISC-V, Computer Architecture with RISC-V workshop (CARRV 2021), co-located with ISCA 2021, June 17, 2021.
  • A. Theodore Markettos, John Baldwin, Ruslan Bukin, Peter G. Neumann, Simon W. Moore, and Robert N.M. Watson. Position Paper: Defending Direct Memory Access with CHERI Capabilities. Hardware and Architectural Support for Security and Privacy (HASP) 2020, October 2020.
  • Nathaniel Wesley Filardo, Brett F. Gutstein, Jonathan Woodruff, Sam Ainsworth, Lucian Paul-Trifu, Brooks Davis, Hongyan Xia, Edward Tomasz Napierala, Alexander Richardson, John Baldwin, David Chisnall, Jessica Clarke, Khilan Gudka, Alexandre Joannou, A. Theodore Markettos, Alfredo Mazzinghi, Robert M. Norton, Michael Roe, Peter Sewell, Stacey Son, Timothy M. Jones, Simon W. Moore, Peter G. Neumann, and Robert N. M. Watson. Cornucopia: Temporal Safety for CHERI Heaps. In Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland 2020). San Jose, CA, USA, May 18-20, 2020.
  • Kyndylan Nienhuis, Alexandre Joannou, Thomas Bauereiss, Anthony Fox, Michael Roe, Brian Campbell, Matthew Naylor, Robert M. Norton, Simon W. Moore, Peter G. Neumann, Ian Stark, Robert N. M. Watson, and Peter Sewell. Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process. In Proceedings of the 41st IEEE Symposium on Security and Privacy (Oakland 2020). San Jose, CA, USA, May 18-20, 2020.
  • Hongyan Xia, Jonathan Woodruff, Sam Ainsworth, Nathaniel W. Filardo, Michael Roe, Alexander Richardson, Peter Rugg, Peter G. Neumann, Simon W. Moore, Robert N. M. Watson, and Timothy M. Jones. CHERIvoke: Characterising Pointer Revocation using CHERI Capabilities for Temporal Memory Safety. In Proceedings of the 52nd IEEE/ACM International Symposium on Microarchitecture (IEEE MICRO 2019). Columbus, Ohio, USA, October 12-16, 2019.
  • Jonathan Woodruff, Alexandre Joannou, Hongyan Xia, Anthony Fox, Robert Norton, Thomas Bauereiss, David Chisnall, Brooks Davis, Khilan Gudka, Nathaniel W. Filardo, A. Theodore Markettos, Michael Roe, Peter G. Neumann, Robert N. M. Watson, and Simon W. Moore. CHERI Concentrate: Practical Compressed Capabilities. In IEEE Transactions on Computers, 10.1109/TC.2019.2914037, IEEE, 2019.
  • Brooks Davis, Robert N. M. Watson, Alexander Richardson, Peter G. Neumann, Simon W. Moore, John Baldwin, David Chisnall, Jessica Clarke, Nathaniel Wesley Filardo, Khilan Gudka, Alexandre Joannou, Ben Laurie, A. Theodore Markettos, J. Edward Maste, Alfredo Mazzinghi, Edward Tomasz Napierala, Robert M. Norton, Michael Roe, Peter Sewell, Stacey Son, and Jonathan Woodruff. CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment. In Proceedings of 2019 Architectural Support for Programming Languages and Operating Systems (ASPLOS’19). Providence, RI, USA, April 13-17, 2019.
  • A. Theodore Markettos, Colin Rothwell, Brett F. Gutstein, Allison Pearce, Peter G. Neumann, Simon W. Moore, and Robert N. M. Watson. Thunderclap: Exploring Vulnerabilities in Operating System IOMMU Protection via DMA from Untrustworthy Peripherals. In Proceedings of the Network and Distributed Systems Security Symposium (NDSS), San Diego, USA, 24-27 February 2019.
  • Kayvan Memarian, Victor B. F. Gomes, Brooks Davis, Stephen Kell, Alexander Richardson, Robert N. M. Watson, and Peter Sewell. Exploring C Semantics and Pointer Provenance. In Proceedings of the 46th ACM SIGPLAN Symposium on Principles of Programming Languages (POPL), Cascais, Portugal, 13-19 January, 2019.
  • Hongyan Xia, Jonathan Woodruff, Hadrien Barral, Lawrence Esswood, Alexandre Joannou, Robert Kovacsics, David Chisnall, Michael Roe, Brooks Davis, Edward Napierala, John Baldwin, Khilan Gudka, Peter G. Neumann, Alex Richardson, Simon W. Moore, and Robert N. M. Watson. CheriRTOS: A Capability Model for Embedded Devices.. Proceedings of the 2018 IEEE 36th International Conference on Computer Design (ICCD). Orlando, FL, USA, October 7-10, 2018.
  • Alexandre Joannou, Jonathan Woodruff, Robert Kovacsics, Simon W. Moore, Alex Bradbury, Hongyan Xia, Robert N. M. Watson, David Chisnall, Michael Roe, Brooks Davis, Edward Napierala, John Baldwin, Khilan Gudka, Peter G. Neumann, Alfredo Mazzinghi, Alex Richardson, Stacey Son, and A. Theodore Markettos. Efficient Tagged Memory. Proceedings of the 2017 IEEE 35th International Conference on Computer Design (ICCD). Boston, MA, USA, November 5-8, 2017.
  • Robert N. M. Watson, Peter G. Neumann, and Simon W. Moore. Balancing Disruption and Deployability in the CHERI Instruction-Set Architecture (ISA), New Solutions for Cybersecurity, Shrobe H., Shrier D., Pentland A. eds., MIT Press/Connection Science: Cambridge MA. (to appear, fall 2017)
  • Peter G. Neumann. Fundamental Trustworthiness Principles, in New Solutions for Cybersecurity, Howie Shrobe, David Shrier, Alex Pentland, eds., MIT Press/Connection Science: Cambridge MA. (to appear, fall 2017).
  • Alfredo Mazzinghi, Ripduman Sohan, and Robert N. M. Watson. Pointer Provenance in a Capability Architecture. Proceedings of the 10th USENIX Workshop on the Theory and Practice of Provenance (TaPP'18). London, UK, July 11-12, 2018.
  • David Chisnall, Brooks Davis, Khilan Gudka, David Brazdil, Alexandre Joannou, Jonathan Woodruff, A. Theodore Markettos, J. Edward Maste, Robert Norton, Stacey Son, Michael Roe, Simon W. Moore, Peter G. Neumann, Ben Laurie, and Robert N. M. Watson. CHERI-JNI: Sinking the Java security model into the C. Proceedings of the 22nd ACM International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2017). Xi'an, China, April 8–12, 2017.
  • Robert N.M. Watson, Robert M. Norton, Jonathan Woodruff, Simon W. Moore, Peter G. Neumann, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Michael Roe, Nirav H. Dave, Khilan Gudka, Alexandre Joannou, A. Theodore Markettos, Ed Maste, Steven J. Murdoch, Colin Rothwell, Stacey D. Son, and Munraj Vadera. Fast Protection-Domain Crossing in the CHERI Capability-System Architecture. IEEE Micro vol. 36 no. 5, p. 38-49, Sept.-Oct., 2016
  • Kayvan Memarian, Justus Matthiesen, James Lingard, Kyndylan Nienhuis, David Chisnall, Robert N. M. Watson, and Peter Sewell. Into the depths of C: elaborating the de facto standards. Proceedings of the 37th ACM SIGPLAN Conference on Programming Language Design and Implementation (PLDI 2016). Santa Barbara, CA, USA, June 2016.
  • Khilan Gudka, Robert N.M. Watson, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Ilias Marinos, Peter G. Neumann, and Alex Richardson. Clean Application Compartmentalization with SOAAP, Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado, USA, October 2015.
  • Matthew Naylor and Simon W. Moore, A Generic Synthesisable Test Bench, Proceedings of the 13th ACM/IEEE Conference on Formal Methods and Models for Codesign (MEMOCODE), Austin, Texas, USA, September 2015.
  • Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, and Munraj Vadera. CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization, Proceedings of the 36th IEEE Symposium on Security and Privacy ("Oakland"), San Jose, California, USA, May 2015.
  • David Chisnall, Colin Rothwell, Robert N.M. Watson, Jonathan Woodruff, Munraj Vadera, Simon W. Moore, Michael Roe, Brooks Davis, and Peter G. Neumann. Beyond the PDP-11: Architectural support for a memory-safe C abstract machine, Proceedings of the Twentieth International Conference on Architectural Support for Programming Languages and Operating Systems (ASPLOS 2015), Istanbul, Turkey, March 2015. (Audience choice: Best presentation award.)
  • Richard Uhler and Nirav Dave, Smten with Satisfiability-based Search, The ACM SIGPLAN conference on Systems, Programming, Languages and Applications: Software for Humanity (SPLASH 2014) Portland, OR, USA, October 20–24, 2014.
  • Ilias Marinos, Robert N. M. Watson, and Mark Handley, Network Stack Specialization for Performance, Proceedings of ACM SIGCOMM 2014 Conference (SIGCOMM'14), Chicago, IL, USA, August 17–22, 2014.
  • Jonathan Woodruff, Robert N. M. Watson, David Chisnall, Simon W. Moore, Jonathan Anderson, Brooks Davis, Ben Laurie, Peter G. Neumann, Robert Norton, and Michael Roe. The CHERI capability model: Revisiting RISC in an age of risk, Proceedings of the 41st International Symposium on Computer Architecture (ISCA 2014), Minneapolis, MN, USA, June 14–18, 2014.
  • Jonathan Anderson, Robert N. M. Watson, David Chisnall, Khilan Gudka, Brooks Davis, and Ilias Marinos. TESLA: Temporally Enhanced System Logic Assertions, Proceedings of The 2014 European Conference on Computer Systems (EuroSys 2014), Amsterdam, The Netherlands, April 14–16 2014.
  • Muralidaran Vijayaraghavan, Nirav Dave and Arvind, Modular Compilation of Guarded Atomic Actions, MemoCODE 2013, Portland, OR, USA, October 18–20, 2013.
  • Richard Uhler and Nirav Dave, Smten: Automatic Translation of High-level Symbolic Computations into SMT Queries, Computer-Aided Verification (CAV 2013), St. Petersburg, Russia, July 13–19, 2013.
  • William R. Harris, Somesh Jha, Thomas Reps, Jonathan Anderson, and Robert N. M. Watson, Declarative, Temporal, and Practical Programming with Capabilities, IEEE Symposium on Security and Privacy ("Oakland"), San Francisco, CA, USA, May 19–22, 2013.
  • Robert N.M. Watson, A Decade of OS Access-Control Extensibility: Open-source Security Foundations for mobile and embedded devices, Communications of the ACM, 56(2), February 2013, pages 52–63.
  • Peter G. Neumann, Inside Risks: More Sight on Foresight, Communications of the ACM, 56(2), February 2013, pages 23–25.
  • Peter G. Neumann, Inside Risks: The Foresight Saga, Redux, Communications of the ACM, 55(10), October 2012.
  • Myron King, Nirav Dave, and Arvind, Automatic Generation of Hardware/Software Interfaces, Architectural Support for Programming Languages and Operating Systems (ASPLOS 2012), London, UK, March 3–7 2012.

Research workshop papers

  • Ilias Marinos, Robert N. M. Watson, and Mark Handley. Network stack specialisation for performance. Twelfth ACM Workshop on Hot Topics in Networks (HotNets-XII), College Park, MD, USA, November 21–22, 2013.
  • Robert N. M. Watson, Steven J. Murdoch, Khilan Gudka, Jonathan Anderson, Peter G. Neumann, and Ben Laurie, Towards a theory of application compartmentalisation, Security Protocols Workshop, Cambridge, UK, March 18–20, 2013.
  • Jonathan Woodruff, Simon W. Moore and Robert N.M. Watson, Memory Segmentation to Support Secure Applications, CEUR Workshop: Doctoral Symposium on Engineering Secure Software and Systems (ESSoS), Paris, France, 26–27 February, 2013.
  • Khilan Gudka, Robert N. M. Watson, Steven Hand, Ben Laurie, and Anil Madhavapeddy, Exploring compartmentalisation hypotheses with SOAAP, Adaptive Host and Network Security (AHANS 2012), Lyons, France, September 10–14, 2012.
  • Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, Ross Anderson, Nirav Dave, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Philip Paeps, Michael Roe, and Hassen Saidi, CHERI: A Research Platform Deconflating Hardware Virtualization and Protection, Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE 2012), March 5, 2012.
  • Peter G. Neumann and Robert N. M. Watson, Capabilities Revisited: A Holistic Approach to Bottom-to-Top Assurance of Trustworthy Systems, Fourth Layered Assurance Workshop (in association with ACSAC 2010), Austin, Texas, USA, December 6–7, 2010.

Open-source and industrial papers

Presentations

  • Robert N. M. Watson, Simon W. Moore, Peter Sewell, Peter G. Neumann, Hesham Almatary, Ricardo de Oliveira Almeida, Jonathan Anderson, Alasdair Armstrong, Rosie Baish, Peter Blandford-Baker, John Baldwin, Hadrien Barrel, Thomas Bauereiss, Ruslan Bukin, Brian Campbell, David Chisnall, Jessica Clarke, Nirav Dave, Brooks Davis, Lawrence Esswood, Nathaniel W. Filardo, Franz Fuchs, Dapeng Gao, Ivan Gomes-Ribeiro, Khilan Gudka, Brett Gutstein, Angus Hammond, Graeme Jenkinson, Alexandre Joannou, Mark Johnston, Robert Kovacsics, Ben Laurie, A. Theo Markettos, J. Edward Maste, Alfredo Mazzinghi, Alan Mujumdar, Prashanth Mundkur, Steven J. Murdoch, Edward Napierala, George Neville-Neil, Kyndylan Nienhuis, Robert Norton-Wright, Philip Paeps, Lucian Paul-Trifu, Allison Randal, Ivan Ribeiro, Alex Richardson, Michael Roe, Colin Rothwell, Peter Rugg, Hassen Saidi, Thomas Sewell, Stacey Son, Ian Stark, Domagoj Stolfa, Andrew Turner, Munraj Vadera, Konrad Witaszczyk, Jonathan Woodruff, Hongyan Xia, Vadim Zaliva, and Bjoern A. Zeeb. CHERI: Architectural Support for Memory Protection and Compartmentalization, 12 October 2022. (slides)
  • Robert N. M. Watson, Simon W. Moore, Peter Sewell, Peter G. Neumann, Hesham Almatary, Ricardo de Oliveira Almeida, Jonathan Anderson, Alasdair Armstrong, Rosie Baish, Peter Blandford-Baker, John Baldwin, Hadrien Barrel, Thomas Bauereiss, Ruslan Bukin, Brian Campbell, David Chisnall, Jessica Clarke, Nirav Dave, Brooks Davis, Lawrence Esswood, Nathaniel W. Filardo, Franz Fuchs, Dapeng Gao, Ivan Gomes-Ribeiro, Khilan Gudka, Brett Gutstein, Angus Hammond, Graeme Jenkinson, Alexandre Joannou, Mark Johnston, Robert Kovacsics, Ben Laurie, A. Theo Markettos, J. Edward Maste, Alfredo Mazzinghi, Alan Mujumdar, Prashanth Mundkur, Steven J. Murdoch, Edward Napierala, George Neville-Neil, Kyndylan Nienhuis, Robert Norton-Wright, Philip Paeps, Lucian Paul-Trifu, Allison Randal, Ivan Ribeiro, Alex Richardson, Michael Roe, Colin Rothwell, Peter Rugg, Hassen Saidi, Thomas Sewell, Stacey Son, Ian Stark, Domagoj Stolfa, Andrew Turner, Munraj Vadera, Konrad Witaszczyk, Jonathan Woodruff, Hongyan Xia, Vadim Zaliva, and Bjoern A. Zeeb. CHERI update, UKRI Digitial Security by Design All Hands Meeting, Online, 11 October 2022. (slides)
  • Robert N. M. Watson (University of Cambridge), Simon W. Moore (Cambridge), Peter Sewell (Cambridge), Peter G. Neumann (SRI), Brooks Davis (SRI), Joakim Bech (Linaro), Luis Machado (Linaro), Mark Nicholson (Arm), and Mark Inskip (Arm). Morello Consortium update, UKRI Digital Security by Design All Hands Meeting, Online, 7 May 2021. (slides)
  • Brooks Davis, Robert N. M. Watson, Alexander Richardson, Peter G. Neumann, Simon W. Moore, John Baldwin, David Chisnall, Jessica Clarke, Nathaniel Wesley Filardo, Khilan Gudka, Alexandre Joannou, Ben Laurie, A. Theodore Markettos, J. Edward Maste, Alfredo Mazzinghi, Edward Tomasz Napierala, Robert M. Norton, Michael Roe, Peter Sewell, Stacey Son, and Jonathan Woodruff. CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment, ASPLOS 2019, Providence, RI, USA, 14 April 2019. (slides)
  • Robert N. M. Watson, Simon W. Moore, Peter G. Neumann, Hesham Almatary, Jonathan Anderson, John Baldwin, Hadrien Barrel, Ruslan Bukin, David Chisnall, Nirav Dave, Brooks Davis, Lawrence Esswood, Nathaniel W. Filardo, Khilan Gudka, Alexandre Joannou, Robert Kovacsics, Ben Laurie, A. Theo Markettos, J. Edward Maste, Alfredo Mazzinghi, Alan Mujumdar, Prashanth Mundkur, Steven J. Murdoch, Edward Napierala, Robert Norton-Wright, Philip Paeps, Lucian Paul-Trifu, Alex Richardson, Michael Roe, Colin Rothwell, Hassen Saidi, Peter Sewell, Stacey Son, Domagoj Stolfa, Andrew Turner, Munraj Vadera, Jonathan Woodruff, Hongyan Xia, and Bjoern A. Zeeb. CHERI: Architectural Support for Memory Protection and Compartmentalization, 2 April 2019. (slides)
  • Khilan Gudka, Alexander Richardson, and Robert N. M. Watson. Protecting C++ Applications Using CHERI, Principles of Secure Compilation (PriSC 2019), Cascais, Portugal, 13 January 2019. (slides)
  • Alexander Richardson and Robert N. M. Watson. Secure Linking in the CheriBSD Operating System, Principles of Secure Compilation (PriSC 2019), Cascais, Portugal, 13 January 2019. (slides)
  • Robert N. M. Watson, Simon W. Moore, Peter G. Neumann, Jonathan Anderson, John Baldwin, Hadrien Barrel, Ruslan Bukin, David Chisnall, Nirav Dave, Brooks Davis, Lawrence Esswood, Khilan Gudka, Alexandre Joannou, Robert Kovacsics, Ben Laurie, A. Theo Markettos, J. Edward Maste, Alfredo Mazzinghi, Alan Mujumdar, Prashanth Mundkur, Steven J. Murdoch, Edward Napierala, Robert Norton-Wright, Philip Paeps, Lucian Paul-Trifu, Alex Richardson, Michael Roe, Colin Rothwell, Hassen Saidi, Peter Sewell, Stacey Son, Domagoj Stolfa, Andrew Turner, Munraj Vadera, Jonathan Woodruff, Hongyan Xia, and Bjoern A. Zeeb. CHERI: A Hybrid Capability Architecture, MIT CSAIL Seminar, Cambridge, Massachussetts, USA, 9 November 2017. (slides)
  • Alexandre Joannou, Jonathan Woodruff, Robert Kovacsics, Simon W. Moore, Alex Bradbury, Hongyan Xia, Robert N. M. Watson, David Chisnall, Michael Roe, Brooks Davis, Edward Napierala, John Baldwin, Khilan Gudka, Peter G. Neumann, Alfredo Mazzinghi, Alex Richardson, Stacey Son, and A. Theodore Markettos. Efficient Tagged Memory, ICCD 2017, Boston, MA, USA, 8 November 2017. (slides)
  • David Chisnall, Brooks Davis, Khilan Gudka, David Brazdil, Alexandre Joannou, Jonathan Woodruff, A. Theodore Markettos, J. Edward Maste, Robert Norton, Stacey Son, Michael Roe, Simon W. Moore, Peter G. Neumann, Ben Laurie, and Robert N. M. Watson. CHERI JNI: Sinking the Java security model into the C, ASPLOS 2017, Xi'an, China, 12 April 2017. (slides)
  • Khilan Gudka, Alexander Richardson, and Robert N. M. Watson. Protecting C++ Applications Using CHERI, Principles of Secure Compilation (PriSC 2019), Cascais, Portugal, 13 January 2019. (slides)
  • Alexander Richardson and Robert N. M. Watson. Secure Linking in the CheriBSD Operating System, Principles of Secure Compilation (PriSC 2019), Cascais, Portugal, 13 January 2019. (slides)
  • Robert N. M. Watson, Simon W. Moore, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, Ruslan Bukin, David Chisnall, Nirav Dave, Brooks Davis, Lawrence Esswood, Khilan Gudka, Alexandre Joannou, Chris Kitching, Ben Laurie, A. Theo Markettos, Alan Mujumdar, Steven J. Murdoch, Robert Norton, Philip Paeps, Alex Richardson, Michael Roe, Colin Rothwell, Hassen Saidi, Stacey Son, Munraj Vadera, Hongyan Xia, and Bjoern Zeeb. CHERI: A Hybrid Capability-System Architecture, NewOS Workshop 2, ETH Zurich, 17 February 2016. (slides)
  • Robert N.M. Watson, Simon W. Moore, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, Ruslan Bukin, David Chisnall, Nirav Dave, Brooks Davis, Lawrence Esswood, Khilan Gudka, Alexandre Joannou, Chris Kitching, Ben Laurie, A. Theo Markettos, Alan Mujumdar, Steven J. Murdoch, Robert Norton, Philip Paeps, Alex Richardson, Michael Roe, Colin Rothwell, Hassen Saidi, Stacey Son, Munraj Vadera, Hongyan Xia, and Bjoern Zeeb. CHERI A Hybrid Capability-System Architecture, Layered Assurance Workshop (LAW 2015), Annual Computer Security Applications Conference (ACSAC 2015), Los Angeles, CA, 7 December 2015. (slides)
  • Khilan Gudka, Robert N.M. Watson, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Ilias Marinos, Peter G. Neumann, and Alex Richardson. Clean Application Compartmentalization with SOAAP, Proceedings of the 22nd ACM Conference on Computer and Communications Security (CCS 2015), Denver, Colorado, USA, October 2015. (slides)
  • Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Khilan Gudka, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, and Munraj Vadera. CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization, Proceedings of the 36th IEEE Symposium on Security and Privacy ("Oakland"), San Jose, California, USA, May 18 2015. (slides)
  • David Chisnall, Colin Rothwell, Robert N.M. Watson, Jonathan Woodruff, Munraj Vadera, Simon W. Moore, Michael Roe, Brooks Davis, and Peter G. Neumann. Beyond the PDP-11: Processor support for a memory-safe C abstract machine, Proceedings of Architectural Support for Programming Languages and Operating Systems (ASPLOS 2015), Istanbul, Turkey, March 5, 2015. (slides)
  • Jonathan Woodruff, Robert N. M. Watson, David Chisnall, Simon W. Moore, Jonathan Anderson, Brooks Davis, Ben Laurie, Peter G. Neumann, Robert Norton, and Michael Roe. The CHERI Capability Model - Revisiting RISC for an Age of Risk, Proceedings of the 41st International Symposium on Computer Architecture (ISCA 2014), Minneapolis, MN, USA, June 18, 2014. (video, slides)
  • Robert N.M. Watson, Peter G. Neumann Jonathan Woodruff, Jonathan Anderson, Ross Anderson, Nirav Dave, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Philip Paeps, Michael Roe, and Hassen Saidi. CHERI: a research platform deconflating hardware virtualization and protection. Workshop on Runtime Environments, Systems, Layering and Virtualized Environments (RESoLVE 2012), March 2, 2012. (slides)

Technical Reports - ISA specification and hardware/software references

Current technical reports

Older technical reports

  • Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Hesham Almatary, Jonathan Anderson, John Baldwin, Graeme Barnes, David Chisnall, Jessica Clarke, Brooks Davis, Lee Eisen, Nathaniel Wesley Filardo, Richard Grisenthwaite, Alexandre Joannou, Ben Laurie, A. Theodore Markettos, Simon W. Moore, Steven J. Murdoch, Kyndylan Nienhuis, Robert Norton, Alexander Richardson, Peter Rugg, Peter Sewell, Stacey Son, Hongyan Xia. Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 8), Technical Report UCAM-CL-TR-951, Computer Laboratory, October 2020. Note: superseded by UCAM-TR-987
  • Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Hesham Almatary, Jonathan Anderson, John Baldwin, David Chisnall, Brooks Davis, Nathaniel Wesley Filardo, Alexandre Joannou, Ben Laurie, A. Theodore Markettos, Simon W. Moore, Steven J. Murdoch, Kyndylan Nienhuis, Robert Norton, Alex Richardson, Peter Rugg, Peter Sewell, Stacey Son, Hongyan Xia. Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 7), Technical Report UCAM-CL-TR-927, Computer Laboratory, June 2019. Note: superseded by UCAM-TR-951
  • Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, John Baldwin, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, Hongyan Xia. Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 6), Technical Report UCAM-CL-TR-907, Computer Laboratory, April 2017. Note: superseded by UCAM-TR-927
  • Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, Stacey Son, Hongyan Xia. Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture (Version 5), Technical Report UCAM-CL-TR-891, Computer Laboratory, June 2016. Note: superseded by UCAM-TR-907
  • Robert N. M. Watson, Peter G. Neumann, Jonathan Woodruff, Michael Roe, Jonathan Anderson, David Chisnall, Brooks Davis, Alexandre Joannou, Ben Laurie, Simon W. Moore, Steven J. Murdoch, Robert Norton, and Stacey Son. Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture, Technical Report UCAM-CL-TR-876, University of Cambridge, Computer Laboratory, September 2015. Note: superseded by UCAM-CL-TR-891
  • Robert N.M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Simon W. Moore, Steven J. Murdoch, and Michael Roe. Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture, Technical Report UCAM-CL-TR-864, University of Cambridge, Computer Laboratory, December 2014. Note: superseded by UCAM-CL-TR-876
  • Robert N.M. Watson, David Chisnall, Brooks Davis, Wojciech Koszek, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, and Jonathan Woodruff. Bluespec Extensible RISC Implementation: BERI Software Reference, Technical Report UCAM-CL-TR-853, University of Cambridge, Computer Laboratory, April 2014. Note: superseded by UCAM-CL-TR-869.
  • Robert N.M. Watson, Jonathan Woodruff, David Chisnall, Brooks Davis, Wojciech Koszek, A. Theodore Markettos, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, Robert Norton, and Michael Roe. Bluespec Extensible RISC Implementation: BERI Hardware Reference, Technical Report UCAM-CL-TR-852, University of Cambridge, Computer Laboratory, April 2014. Note: superseded by UCAM-CL-TR-868.
  • Robert N.M. Watson, David Chisnall, Brooks Davis, Wojciech Koszek, Simon W. Moore, Steven J. Murdoch, Peter G. Neumann, and Jonathan Woodruff. Capability Hardware Enhanced RISC Instructions: CHERI User’s Guide, Technical Report UCAM-CL-TR-851, University of Cambridge, Computer Laboratory, April 2014. Note: superseded by UCAM-CL-TR-877
  • Robert N.M. Watson, Peter G. Neumann, Jonathan Woodruff, Jonathan Anderson, David Chisnall, Brooks Davis, Ben Laurie, Simon W. Moore, Steven J. Murdoch, and Michael Roe. Capability Hardware Enhanced RISC Instructions: CHERI Instruction-Set Architecture, Technical Report UCAM-CL-TR-850, University of Cambridge, Computer Laboratory, April 2014. Note: superseded by UCAM-CL-TR-864.

PhD dissertations

Media

  • Robert N. M. Watson, the New Scientist's 11 August 2018 issue contains an article, Uncrackable computer chips stop malicious bugs attacking your computer, describes ongoing research involving architectural security, including CHERI. Link.
  • Robert N. M. Watson, the Economist's June 2014 Technology Quarterly explores how compartmentalised software designs can mitigate vulnerabilities such as Heartbleed could impact privacy in Big Data systems. Link.
  • Peter G. Neumann, the San Jose Mercury News's Bruce Newman talks with Peter Neumann about cybersecurity. Link.
  • Robert N. M. Watson, IEEE Spectrum Techwise Conversation podcast interview, recorded 26 December 2012, explores the argument for clean-slate design and the nature of current attacker-defender asymmetry. Link.
  • Peter G. Neumann, Minnesota Public Radio's The Daily Circuit, 27 December 2012, discusses the inadequacy of passwords and the need for trustworthy systems. Link.
  • Peter G. Neumann. A profile of Peter Neumann, written by John Markoff, was included in The New York Times Science Tuesday section on 30 October 2012, along with a short video clip in the online version. Link.
  • Robert N. M. Watson, Queue Portrait: Robert Watson recorded in August 2012, explores research into the hardware-software interface. Link.
  • Peter G. Neumann, The New York Times has published a Special section on security with a quote from Peter G. Neumann in the lead article and an article on the CRASH program mentioning our work on CHERI.