Department of Computer Science and Technology


The CAPcelerate project

Outline

CAPcelerate is a £1.2m project funded by the UK Industrial Strategy Challenge Fund's Digital Security by Design (DSbD) programme, led by Dr Timothy Jones and Dr A. Theodore Markettos.

In parallel with the production of the Morello platform, the project seeks to consider the implications of using CHERI capabilities in various classes of accelerators, such as GPUs, AI and crypto accelerators, and FPGAs. In particular, we are interested in workloads that have rich software stacks that interwork with CPU code in shared memory. We are considering whether it is feasible to add capability support to such accelerators and their software stacks (compilers, drivers, libraries, etc.), or whether alternative schemes can be used to protect against accelerators that might be running malicious software, or that might themselves be malicious hardware (for example, a malicious external Thunderbolt GPU).

This project builds on other recent work. In particular, we published Thunderclap, a series of vulnerabilities in commodity operating systems' use of Input/Output Memory Management Unit (IOMMU) protection against malicious devices such as network cards. In response to the publication of the Thunderclap paper, a number of vendors, including Apple, Microsoft, Intel and others, have improved their IOMMU protections, and their use has been mandated in the USB 4 and Thunderbolt 4 standards.

Thunderclap is part of the EPSRC-funded IOSEC project, itself part of the RISE initiative. IOSEC has additionally been considering other forms of protection from malicious peripheral devices, such as networking and storage devices.

Further reading:

A. Theodore Markettos, John Baldwin, Ruslan Bukin, Peter G. Neumann, Simon W. Moore, Robert N.M. Watson. Position Paper: Defending Direct Memory Access with CHERI Capabilities. Hardware and Architectural Support for Security and Privacy (HASP) 2020, October 2020.