[langsec-discuss] lowRISC

Rik Farrow rik at rikfarrow.com
Sun Jan 4 22:56:59 UTC 2015


On Sat, Jan 03, 2015 at 11:23:13AM -0800, travis+ml-langsec at subspacefield.org wrote:
> Peter Neumann gave a long, rambling keynote at Cornerstones of Trust
> on a complex, "holistic" (non-point-solution) secure system:
> 
> http://www.csl.sri.com/users/neumann/utah13+x4.pdf
> 
> I was very interested in the details of his work, as it appears he
> must have done a great deal of research.  Unfortunately, as with most
> very ambitious projects, it's not clear exactly what the output will
> be, and he kept mentioning they had a Verilog implementation of a
> simple RISC core which I'm sure is an accomplishment but not terribly
> useful to me.  I got the impression that one might find papers on the
> various security aspects forthcoming, or possibly already on his site.

You can find more here:

http://www.cl.cam.ac.uk/~rnw24/#cheri

CHERI is the RISC implementation. Capsicum is software related to CHERI.
Both relate back to hardware for MULTICS (which Neumann was involved
with). That hardware used segment registers to isolate processes,
something that CHERI has revived using modern hardware design. In short,
instead of having processes isolated using memory management, you have
hardware that enforces the use of a prefix to memory addresses,
effectively segmenting memory, but more flexibly than done with the GE
600 (IIRC).

Hope this helps a little,
Rik


