UCL  IRIS
Institutional Research Information Service
Publication Detail
Fast Protection-Domain Crossing in the CHERI Capability-System Architecture
  • Publication Type:
    Journal article
  • Publication Sub Type:
    Journal Article
  • Authors:
    Watson RNM, Norton RM, Woodruff J, Moore SW, Neumann PG, Anderson J, Chisnall D, Davis B, Laurie B, Roe M, Dave NH, Gudka K, Joannou A, Markettos AT, Maste E, Murdoch SJ, Rothwell C, Son SD, Vadera M
  • Publication date:
    01/09/2016
  • Pagination:
    38, 49
  • Journal:
    IEEE Micro
  • Volume:
    36
  • Issue:
    5
  • Status:
    Published
  • Print ISSN:
    0272-1732
Abstract
© 1981-2012 IEEE. Capability Hardware Enhanced RISC Instructions (CHERI) supplement the conventional memory management unit (MMU) with instruction-set architecture (ISA) extensions that implement a capability system model in the address space. CHERI can also underpin a hardware-software object-capability model for scalable application compartmentalization that can mitigate broader classes of attack. This article describes ISA additions to CHERI that support fast protection-domain switching, not only in terms of low cycle count, but also efficient memory sharing with mutual distrust. The authors propose ISA support for sealed capabilities, hardware-assisted checking during protection-domain switching, a lightweight capability flow-control model, and fast register clearing, while retaining the flexibility of a software-defined protection-domain transition model. They validate this approach through a full-system experimental design, including ISA extensions, a field-programmable gate array prototype (implemented in Bluespec SystemVerilog), and a software stack including an OS (based on FreeBSD), compiler (based on LLVM), software compartmentalization model, and open-source applications.
Publication data is maintained in RPS. Visit https://rps.ucl.ac.uk