Computer Laboratory


CTSRD – Rethinking the hardware-software interface for security

CHERI tablet photo
July 2017: We have now posted the CHERI ISAv6 specification, which introduces support for kernel-mode compartmentalization, jump-based rather than exception-based domain transition, architecture-abstracted and efficient tag restoration, and more efficient generated code. A new chapter addresses potential applications of the CHERI model to the RISC-V and x86-64 ISAs, previously described relative only to the 64-bit MIPS ISA. CHERI ISAv6 better explains our design rationale and research methodology.
June 2017: We have now posted our ASPLOS 2017 paper, CHERI-JNI: Sinking the Java security model into the C, which explores how CHERI capabilities can be used to support sandboxing with safe and efficient memory sharing between Java Native Interface (JNI) code and the Java Virtual Machine.
December 2014: The New York Times has published a Special section on security with a quote from Peter G. Neumann in the lead article and an article on the CRASH program mentioning our work on CHERI.
Learn more about fundamental research into security and the hardware-software interview by watching Robert Watson's August 2012 ACM Queue interview.

Clean Slate Trustworthy Secure Research and Development (CTSRD - pronounced "custard") is a joint research project between SRI International's Computer Science Laboratory and the University of Cambridge Computer Laboratory, supported by DARPA (part of the DARPA CRASH programme) and Google. The project is revisiting the hardware-software security interface for general-purpose CPUs to fundamentally improve security; to this end, we are integrating a hybrid capability model and continuous hardware-assisted validation of security design principles with a commodity CPU ISA and open source operating systems. We are pursuing several new software/hardware features as part of this research:

There is a strong interest, throughout, in judiciously applying formal methodology and bringing formally grounded techniques to mainstream hardware and software development. This work has motivated the creation of the Bluespec extensible RISC implementation – an open-source platform for research into the hardware-software interface, with a BSD-licensed operating system and toolchain based on FreeBSD and Clang/LLVM. We are using open source, wherever possible, to transition new technologies into mainstream use.

CTSRD builds on long past experience at both institutions in security and systems research, including Multics, PSOS, the Newcastle DSS, separation kernels, the DARPA CHATS programme, PVS/SAL/YICES, LynuxWorks, the CAP computer, the MAC Framework, multi-threaded CPU design, Xen, Capsicum, and MirageOS.

News media