CheriRTOS: A Capability Model for Embedded Devices

Hongyan Xia; Jonathan Woodruff; Hadrien Barral; Lawrence Esswood; Alexandre Joannou; Robert Kovacsics; David Chisnall; Michael Roe; Brooks Davis; Edward Napierala; John Baldwin; Khilan Gudka; Peter G. Neumann; Alex Richardson; Simon W. Moore; Robert N. M. Watson

CheriRTOS: A Capability Model for Embedded Devices

Hongyan Xia ,
Jonathan Woodruff ,
Hadrien Barral ,
Lawrence Esswood ,
Alexandre Joannou ,
Robert Kovacsics ,
David Chisnall ,
Michael Roe ,
Brooks Davis ,
Edward Napierala ,
John Baldwin ,
Khilan Gudka ,
Peter G. Neumann ,
Alex Richardson ,
Simon W. Moore ,
Robert N. M. Watson

Proceedings of the 2018 IEEE 36th International Conference on Computer Design (ICCD) | October 2018

Organized by IEEE

Download BibTex

—Embedded systems are deployed ubiquitously among various sectors including automotive, medical, robotics and avionics. As these devices become increasingly connected, the attack surface also increases tremendously; new mechanisms must be deployed to defend against more sophisticated attacks while not violating resource constraints. In this paper we present
CheriRTOS on CHERI-64, a hardware-software platform atop Capability Hardware Enhanced RISC Instructions (CHERI) for embedded systems.

Our system provides efficient and scalable task isolation, fast and secure inter-task communication, fine-grained memory safety, and real-time guarantees, using hardware capabilities as the sole protection mechanism. We summarize state-of-the-art security and memory safety for embedded systems for comparison with our platform, illustrating the superior substrate provided by CHERI’s capabilities. Finally, our evaluations show that a capability system can be implemented within the constraints of embedded systems.