Introduction to CHERI
As mentioned previously, CHERI is a collaborative project led by Cambridge University that aims to greatly increase hardware security by using capabilities and sandboxes for secure memory management.
What are capabilities?
Capabilities provide a way of protecting object references: each object reference is accompanied by a set of permissions. The system typically keeps the record of what may access each reference in protected memory inside the kernel, where user programs cannot reach or modify it.
“Capability-based security refers to the design concept in computing systems where an unforgeable token is generated. This token represents the reference to an object, that includes a set of access rights to a computer system.”
Capabilities have been around for a long time, and many operating systems implement something similar, but none is as secure as an OS built solely on capabilities.
Hardware support usually takes the form of capability-based addressing, which replaces raw pointers (memory references) with capabilities. These capabilities can only be created with privileged instructions, by the kernel or by a process that holds the rights to create them. This makes it possible to control which process can access which objects without creating a new address space.
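To make the idea of a capability-based address concrete, here is an added software model of the mechanism the paragraph describes. It is not CHERI's real capability encoding or ISA and is not code from the CHERI project; every name in it (cap_t, cap_root, cap_derive, cap_load, cap_store, PERM_*) is assumed for illustration. A capability carries a base, a length and a permission set; every access is checked against them; a derived capability may only shrink bounds and drop permissions; and cap_root stands in for the privileged creation step, since it is the only place bounds are widened.

```c
/* Added software model of capability-based addressing (not CHERI's real
 * encoding or ISA): a fat pointer carries base, length and permissions,
 * and every access is checked against them. Derived capabilities can only
 * shrink bounds and drop permissions (monotonicity). All names are assumed. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { PERM_LOAD = 1, PERM_STORE = 2 };

typedef struct {
    uint8_t *base;    /* lowest address this capability may touch */
    size_t   length;  /* bytes covered from base */
    unsigned perms;   /* PERM_* bits */
    bool     valid;   /* models the hardware tag bit: cleared on any violation */
} cap_t;

/* Root capability over a buffer: stands in for privileged creation and is
 * the only place bounds are widened. */
cap_t cap_root(uint8_t *buf, size_t len, unsigned perms) {
    cap_t c = { buf, len, perms, true };
    return c;
}

/* Derive a narrower capability; any attempt to widen bounds or add
 * permissions yields an invalid (untagged) capability instead. */
cap_t cap_derive(cap_t parent, size_t offset, size_t len, unsigned perms) {
    cap_t c = { NULL, 0, 0, false };
    if (!parent.valid) return c;
    if (offset > parent.length || len > parent.length - offset) return c;
    if ((perms & ~parent.perms) != 0) return c;   /* cannot gain rights */
    c.base = parent.base + offset;
    c.length = len;
    c.perms = perms;
    c.valid = true;
    return c;
}

/* Checked one-byte load: returns -1 if the capability is invalid, lacks
 * PERM_LOAD, or the index is outside its bounds. */
int cap_load(cap_t c, size_t idx) {
    if (!c.valid || !(c.perms & PERM_LOAD) || idx >= c.length) return -1;
    return c.base[idx];
}

/* Checked one-byte store: returns false and leaves memory untouched on violation. */
bool cap_store(cap_t c, size_t idx, uint8_t v) {
    if (!c.valid || !(c.perms & PERM_STORE) || idx >= c.length) return false;
    c.base[idx] = v;
    return true;
}

/* Demonstration on a constructed 16-byte buffer: a read-only view over its
 * first 8 bytes stops an out-of-bounds read, a write, and a rights escalation.
 * Returns 1 when every check behaved as expected. */
int cap_demo(void) {
    uint8_t buf[16];
    for (int i = 0; i < 16; i++) buf[i] = (uint8_t)i;
    cap_t root = cap_root(buf, sizeof buf, PERM_LOAD | PERM_STORE);
    cap_t view = cap_derive(root, 0, 8, PERM_LOAD);
    int in_bounds = cap_load(view, 7);                 /* 7 */
    int overflow  = cap_load(view, 8);                 /* -1: beyond the view */
    bool wrote    = cap_store(view, 0, 0xFF);          /* false: no store right */
    cap_t bogus   = cap_derive(view, 0, 8, PERM_LOAD | PERM_STORE); /* invalid */
    return in_bounds == 7 && overflow == -1 && !wrote && !bogus.valid && buf[0] == 0;
}

int main(void) {
    printf("capability model checks %s\n", cap_demo() ? "pass" : "FAIL");
    return 0;
}
```

The point of the model is the contrast with a plain pointer: a raw `uint8_t *` carries no bounds or rights, so `view[8]` or a write through a read-only reference would simply succeed, whereas here the check is attached to the reference itself and cannot be bypassed by arithmetic on it. Real CHERI hardware enforces the same properties in the instruction set, with the tag bit held out of band so software cannot forge a valid capability.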
Previous hardware implementations include the Intel iAPX 432, released in 1981. That CPU suffered from a lack of the cache space needed for capability-based addressing, as well as poor performance, but processors have come a long way since those earlier devices.