German RISC-V processor designer Codasip has launched the first commercial implementation of CHERI with fine-grained memory protection for advanced security.
The Capability Hardware Enhanced RISC Instructions (CHERI) technology was developed at the University of Cambridge as the result of research aimed at revisiting fundamental design choices in hardware and software to improve system security.
The technology has been proven in experimental processors and will now for the first time be available in a commercial offering, enabling secure-by-design products. Codasip’s commercial implementation will enable companies to take preventive security measures without having to wait for patches from vendors.
ARM has also developed a version of CHERI called Morello that is being tested in a number of projects but there is not yet a commercial implementation.
- AutoCHERI starts cybersecurity penetration testing
- £2.2m for CHERI automotive, embedded security projects
- ARM ships ground-breaking Morello secure processor
Using Codasip Studio, Codasip is adding built-in fine-grained memory protection to its recently launched 700 processor family by extending the RISC-V ISA with CHERI-based custom instructions. To enable the use of these instructions, Codasip is also delivering the software environment to take advantage of CHERI technology, bringing a full software development flow to add memory protection
Memory safety needs to be a primary concern for all processor and SoC designers, device manufacturers, and end users. Cyberattacks pose an ever-growing threat and approximately 70% of OS and browser vulnerabilities documented in the Common Vulnerabilities and Exposures (CVE) program in the last two decades are attributed to software memory errors.
A reason for the lack of commercial solutions to address this challenge is the complexity of the problem. Advanced memory protection has only been achievable through advanced hardware modification or expensive and impactful software modifications. But to be viable in real products, any suggested solution must have minimal impact on power, performance, and area. Codasip used its Custom Compute approach to develop the CHERI core.
- Securing the world of electronics
- Codasip in Bristol IoT security buy for RISC-V .
- First system on module to meet new EU IoT security law
“Unsafe and insecure products risk causing privacy violations, reputational damage and financial loss that are unacceptable, be it cars, routers, medical devices, or any other consumer product,” said Ron Black, chief executive officer at Codasip.
“Using statistical protection mechanisms, such as stack canaries, to detect memory corruption has proven not secure enough. It is time for consumers to ask the question: Are your device providers protecting you from the most common type of cyberattack? If they are not using Codasip CHERI technology, they probably are not.”
Professor Robert N. M. Watson, the University of Cambridge, said: “CHERI extends conventional hardware Instruction-Set Architectures (ISAs) with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalization. The CHERI memory-protection features allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide strong, compatible, and efficient protection against many currently widely exploited vulnerabilities.”
Because CHERI technology can be applied selectively to critical functions, it is possible to enhance the security of existing products with a small effort, often through a simple code recompilation. The huge pool of existing C/C++ software can therefore still be leveraged in more secure systems