In the ever-evolving landscape of cybersecurity, the need to fortify the hardware foundations of software stacks has become increasingly critical. As cyber threats grow more sophisticated, so too must the defences that protect sensitive data and infrastructure. A recent study led by Shamal Faily, a renowned researcher in the field, sheds light on the challenges and opportunities presented by CHERI (Capability Hardware Enhanced RISC Instructions), an innovative secure hardware solution. The study provides valuable insights into the adoption of CHERI, particularly within the defence sector, where security is paramount.
The research involved a comprehensive 12-month evaluation of CHERI, during which 15 teams from both industry and academia ported defence-relevant software to Arm’s experimental Morello board. This extensive trial aimed to identify the blockers, enablers, and potential security implications of adopting CHERI in real-world applications. The findings offer a nuanced understanding of the practical challenges and benefits associated with this cutting-edge technology.
One of the primary objectives of the study was to uncover the obstacles that hinder the widespread adoption of CHERI. The research identified six distinct types of blockers: dependencies, a knowledge premium, missing utilities, performance issues, platform instability, and technical debt. These blockers highlight the complexities involved in transitioning to a new hardware security paradigm. For instance, dependencies on existing software and hardware systems can create significant compatibility issues, while a lack of expertise in CHERI can slow down the adoption process. Additionally, the absence of essential utilities and performance bottlenecks can impede the efficient operation of defence systems. Platform instability and technical debt further complicate the adoption process, as they require substantial resources to address.
Despite these challenges, the study also revealed several enablers that facilitate the adoption of CHERI. Three key enablers were identified: tool assistance, improved quality, and trivial code porting. Tool assistance, such as automated code analysis and debugging tools, can significantly streamline the development process. Improved quality of software, achieved through enhanced security features and robust error handling, is another critical enabler. Trivial code porting, which involves minimal changes to existing code, can also facilitate a smoother transition to CHERI-based systems.
The study also explored the potential security implications of CHERI, particularly if not appropriately configured. Five types of vulnerabilities were identified: state leaks, memory leaks, use after free vulnerabilities, unsafe defaults, and toolchain instability. These vulnerabilities underscore the importance of careful configuration and continuous monitoring of CHERI-based systems. For example, state leaks can expose sensitive information, while memory leaks can degrade system performance and create security loopholes. Use after free vulnerabilities can lead to arbitrary code execution, and unsafe defaults can leave systems vulnerable to exploitation. Toolchain instability can further exacerbate these issues, highlighting the need for robust and reliable development tools.
The findings of this study have significant implications for the defence sector, where the security of hardware foundations is of utmost importance. The identification of blockers and enablers provides valuable guidance for stakeholders in the software and hardware supply chain, helping them make informed investment decisions. The study’s insights into potential vulnerabilities also underscore the need for ongoing research and development to address these challenges effectively.
Looking ahead, the study recommends several areas for future work. These include removing potentially insecure defaults from CHERI tooling and developing a comprehensive CHERI body of knowledge to further adoption. By addressing these recommendations, the defence sector can leverage the full potential of CHERI to enhance the security of its hardware foundations and protect against evolving cyber threats.
In conclusion, the study by Shamal Faily offers a detailed and nuanced understanding of the adoption of CHERI in the defence sector. By identifying the blockers, enablers, and potential security implications, the research provides valuable insights for stakeholders in the software and hardware supply chain. The findings highlight the need for ongoing research and development to address the challenges associated with CHERI and realise its full potential in securing defence systems. Read the original research paper here.