CHERI is a portable architectural extension providing spatial, referential, and temporal memory safety along with strong, light-weight compartmentalization. CheriBSD is a port of FreeBSD supporting CHERI on Arm Morello, MIPS, and RISC-V. CheriBSD is the reference POSIX OS implementation for CHERI.
CheriBSD supports unmodified binaries from the native architecture plus CheriABI programs which have strong spatial, referential, and temporal safety guarantees. I will discuss our implementation of CheriBSD with a focus on CheriABI.
Speakers: Brooks Davis