Department of Computer Science and Technology


CTSRD – Project news

February 2021

We have open sourced a CHERI adaptation of the WebKit browser framework and JavaScript interpreter, which has been developed in close collaboration with Arm. This is the first open-source JIT available for CHERI, and runs on Arm's Morello architecture.

October 2020

We have posted CHERI ISAv8. This ISA version is synchronized to Arm's Morello architecture, as well as presenting a mature version of our CHERI-RISC-V ISA.

September 2020

Arm has published its Morello architecture specification, a fully elaborated integration of the CHERI protection model into their ARMv8-A architecture.

June 2020

We have posted a new technical report, CHERI C/C++ Programming Guide, which documents the memory-safe CHERI pure-capability C and C++ programming languages, and their implications for software implementation and portability.

April 2020

We are pleased to announce two new papers on our website, both published at the IEEE Symposium on Security and Privacy (Oakland), on Cornucopia: Temporal Safety for CHERI Heaps and Rigorous engineering for hardware security: Formal modelling and proof in the CHERI design and implementation process.

October 2019

We are advertising two new jobs in compiler/OS research and engineering. These positions will contribute to our research and development on the Arm Morello board and CHERI software stack.

September 2019

UKRI has announced the Digital Security by Design Challenge, which includes £8M EPSRC and £3M ESRC calls to support new UK research around CHERI using an Arm-built CHERI-ARM 64-bit demonstrator CPU, SoC, and board (supported by InnovateUK), to be available from 2021.

We have now posted a new technical report, An Introduction to CHERI, which is a high-level summary of our work on CHERI architecture, microarchitecture, formal modeling, and software.

We have now posted our IEEE MICRO 2019 paper, CHERIvoke: Characterising Pointer Revocation using CHERI Capabilities for Temporal Memory Safety, which explores the potential for implementing strong temporal memory safety using the CHERI architecture.

June 2019

We have now posted the CHERI ISAv7 technical report. This new version of the CHERI architecture better differentiates architecture-neutral and architecture-specific aspects of CHERI, elaborates CHERI-RISC-V, adopts the CHERI Concentrate compression model, adds support for side-channel resistance, and makes a variety of other changes to improve performance and functionality. This is the first version of our specification that directly incorporates formal description of the ISA.

May 2019

We have now posted our IEEE Transactions on Computers article, CHERI Concentrate: Practical Compressed Capabilities, on techniques for the efficient storage of CHERI capabilities in memory.

April 2019

We are pleased to announce that our paper, CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment, has won an ASPLOS 2019 Best Paper award.

We have posted an extended technical-report version of our ASPLOS 2019 CheriABI paper.

January 2019

We have now posted our ASPLOS 2019 paper, CheriABI: Enforcing Valid Pointer Provenance and Minimizing Pointer Privilege in the POSIX C Run-time Environment, on the general-purpose OS design implications of CHERI when used for ubiquitous memory safety.

August 2018

The New Scientist has published an article, Uncrackable computer chips stop malicious bugs attacking your computer, covering CHERI and other projects relating to security-focused computer architectures.

February 2018

We have posted a new technical report describing how CHERI interacts with the Meltdown and Spectre side-channel attacks.

October 2017

We have now posted our ICCD 2017 paper, Efficient Tagged Memory, which explores the design and implementation of efficient hardware for tagged memory.

July 2017

We have now posted the CHERI ISAv6 specification, which introduces support for kernel-mode compartmentalization, jump-based rather than exception-based domain transition, architecture-abstracted and efficient tag restoration, and more efficient generated code. A new chapter addresses potential applications of the CHERI model to the RISC-V and x86-64 ISAs, previously described relative only to the 64-bit MIPS ISA. CHERI ISAv6 better explains our design rationale and research methodology.

April 2017

We have now posted our ASPLOS 2017 paper, CHERI-JNI: Sinking the Java security model into the C, which explores how CHERI capabilities can be used to support sandboxing with safe and efficient memory sharing between Java Native Interface (JNI) code and the Java Virtual Machine.

June, 2016

We have now posted the CHERI ISAv5 specification, which improves the maturity of 128-bit capabilities and code generation efficiency, and provides more detailed descriptions of the protection model.

We have now posted our PLDI 2016 paper, Into the depths of C: elaborating the de facto standards, which develops a formal model for the C language -- and explores its implications for CHERI. This paper won a PLDI 2016 distinguished paper award.

May, 2016

We have now posted slides from the first CHERI microkernel workshop, which took place in Cambridge, UK in April 2016.

April, 2016

The first CHERI microkernel workshop took place in Cambridge, UK on 23 April 2016, drawing attendees from SRI International, the University of Cambridge, TU Dresden, ETH Zurich, George Washington University, ARM, Broadcom, Google, Hewlett Packard Labs, and Oracle.

February, 2016

We have posted QEMU-CHERI, an ISA-level simulation of CHERI MIPS, to complement our HDL prototypes. QEMU-CHERI runs CheriBSD, providing an accessible CHERI experimentation environment.

November, 2015

Two new technical reports on CHERI are now available: CHERI ISAv4, and the CHERI Programmer's Guide.

October, 2015

Khilan Gudka has presented our paper on SOAAP, a tool to explore and evaluate compartmentalised software, at ACM CCS 2015.

August, 2015

Our paper on SOAAP, an analysis tool to explore and evaluate compartmentalised software, has been accepted to ACM CCS 2015.

May, 2015

Our third full paper on CHERI, CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization, was presented at the IEEE Symposium on Security and Privacy (Oakland) in May 2015. This paper discusses the hardware-software object-capability model used for software compartmentalisation on CHERI.

We have made a new release of the BERI/CHERI source code, which has been updated for our most recent architectural changes described in our ASPLOS and Oakland papers, and includes everything necessary to synthesise BERI on an Altera FPGA.

April, 2015

Our second full paper on CHERI, Beyond the PDP-11: Architectural support for a memory-safe C abstract machine, was presented at ASPLOS in March and received the Audience choice: Best presentation award. This paper discusses convergence of ideas about fat pointers and capabilities needed to support widely used C-language code idioms when compiling for CHERI.

December, 2014

The New York Times has published a Special section on security with a quote from Peter G. Neumann in the lead article and an article on the CRASH program mentioning our work on CHERI.

June, 2014

We have now open sourced the BERI processor and its software stack, making available a high-quality RISC processor implementation and associated operating-system, compiler, and application stacks suitable for hardware-software teaching and research. This release includes full support for the CHERI ISA, which supports fine-grained memory protection and scalable software compartmentalization. This release coincides with presentation of our paper on the CHERI memory model at ISCA 2014.

April, 2014

Our first full paper on CHERI, The CHERI capability model: Revisiting RISC in an age of risk, will be presented at the International Symposium on Computer Architecture (ISCA) in June 2014.

We have now posted our paper on TESLA, presented at EuroSys 2014 in Amsterdam, The Netherlands. TESLA is a Clang/LLVM-based dynamic temporal assertion system that we have used to validate complex security properties, such as check-before-use, in operating systems, applications, and also security test suites.

February, 2014

The University of Cambridge Computer Laboratory has posted a job ad for multiple research assistants and post-doctoral researchers to work in the areas of operating-system, compiler, and CPU security. These roles will contribute to our CHERI, TESLA, and SOAAP projects, as well as support an open-source hardware-software research community we hope to develop around the CHERI processor.

December, 2013

Robert Watson has written a Light Blue Touchpaper blog post, 2013 Capsicum year in review, describing research and deployment progress for Capsicum in 2013.

October, 2013

We have now created a BERI open-source downloads web page that includes links to the hardware specs and build instructions for our Terasic DE4-based tablet, FreeBSD OS support, test suite, and shortly, open-source Bluespec designs.

Google has announced Capsicum for Linux, an adaptation of the Linux kernel to support Capsicum capability mode, capabilities, and process descriptors. This follows on the heels of ports of Capsicum to DragonFlyBSD, and news that FreeBSD 10.0 will ship with Capsicum enabled by default – along with several key applications sandboxed with Capsicum "out of the box".

August, 2013

We have open sourced Smten, a programming and SMT orchestration tool intended to support computer-aided verification of hardware designs, such as the CHERI processor, presented at CAV 2013.

June, 2013

We have open sourced the hardware specs and build instructions for our Terasic DE4-based tablet design. We use this tablet platform to host our BERI and CHERI processors.

April, 2013

The University of Cambridge Computer Laboratory has posted two job ads for the CTSRD project: research assistant and post-doctoral research associate positions in processor, operating system, and compiler security. Please see the job ads or recent blog post for further details.

December 2012

IEEE Spectrum has posted a Techwise Conversations podcast with Robert Watson discussing the clean-slate argument for computer security in operating systems and computer architecture.

October 2012

The New York Times has posted an article on Peter G. Neumann and our work on clean-slate host and network security as part of their Science section.

ACM Queue has posted a video interview with Robert Watson, CTSRD project lead at Cambridge, on the topic of research into the hardware-software interface, as well as the CHERI processor.

An early prototype of our SOAAP toolchain is now available for download.

September 2012

We have now posted a workshop paper describing the Security-Oriented Analysis of Application Programs (SOAAP) at the Workshop on Adaptive Host and Network Security (AHANS 2012) in Lyon, France.

August 2012

BERI support for the FreeBSD operating system has been committed to the FreeBSD Subversion repository, and will be included in FreeBSD 10.0.

March 2012

We have now posted a workshop paper describing our goals in the CHERI project. This paper was presented at RESoLVE 2012 in London.

February 2012

Communications of the ACM Research Highlights carries two articles on Capsicum, a hybrid capability system model developed in collaboration between the University of Cambridge and Google Research. Capsicum introduces new operating system primitives in support of application compartmentalisation, the fine-grained decomposition of software applications into independently sandboxed components in order to mitigate security vulnerabilities.

January 2012

FreeBSD 9.0 ships with experimental support for Capsicum! Learn more about Capsicum below.