CHERITech 2024 is the third workshop in the series bringing together industry, academia and government experts evaluating CHERI security technology. This event was held at University of Cambridge with previous events at King’s College London and University of Glasgow. CHERITech’24 saw approximately 140 attendees with 15 speakers presenting the advances on CHERI in both academia and industry.
Robert Watson (University of Cambridge) kicked off the event with an overview of the current state of R&D, which was followed by a demonstration of library-based compartmentalisation across a range of desktop applications. This prototype demonstrates that library-based compartmentalisation running on Morello (CHERI-on-ARM processors) is highly scalable with over 1 million compartment transitions per second being tractable while still maintaining a highly responsive graphical user interface.
Tariq Kurd (Codasip) reviewed the standardisation effort bringing CHERI to the open source RISC-V instruction set architecture (ISA). This provided a background to the following talks that all used CHERI-RISC-V. The Zephyr embedded operating system on CHERI-RISC-V was introduced and demonstrated by Jennifer Jackson & Minmin Jiang (University of Birmingham). David Chisnall (SCI Semiconductor, previously at Microsoft Research) presented work on protecting supply chains using their CHERI enhanced RISC-V based microcontroller – CHERIoT – originally developed at Microsoft Research. CHERIoT was also the focus of work by Tom Melham (University of Oxford) who had used innovative techniques to formally verify key properties of the microcontroller. Matt Naylor (University of Cambridge) presented his work on SIMTight, a CHERI enhanced RISC-V based GPU.
There were several talks from industry evaluating Morello (CHERI-on-ARM processors). Daniel King (Adacore) demonstrated the benefits of using CHERI for high integrity systems like air traffic control. Hardeep Chahal (Beam Connectivity et al.) and Peter Davies (Thales) explored the security and economic benefits of CHERI for the automotive sector. Nick Connolly (Rtegrity) presented his evaluation of CHERI library-based compartmentalisation for storage stacks. Graeme Jenkinson (Capabilities Ltd) demonstrated the use of CHERI for the Chromium web browser, which is a huge code base that includes the V8 JavaScript and WebAssembly engine. CHERI support in Linux was presented by Vincenzo Frascino (ARM Ltd).
Sarah Harris (University of Kent) explored how CHERI can bring additional safety to the Rust language. Pierre Olivier (University of Manchester) demonstrated how CHERI can be used for minimal single address space operating systems (unikernels). Use of CHERI for virtual machines was discussed by Jeremy Singer (University of Glasgow).