Initial members join CHERI Alliance to drive adoption of memory safety and scalable software compartmentalization
17th June 2024
Cambridge, the United Kingdom, June 17, 2024 — The CHERI Alliance CIC (Community Interest Company) today announced it has been established to advance the industry-wide adoption of the security technology CHERI (Capability Hardware Enhanced RISC Instructions). The CHERI Alliance will drive the adoption of enhanced security across the industry and ensure compliance with commonly defined standards.
The initial founding members of the CHERI Alliance include Capabilities Limited, Codasip, the FreeBSD Foundation, lowRISC, SCI Semiconductor, and the University of Cambridge.
The Alliance governing board will include representatives from industry as well as academia, whose work will go beyond technology to unite industry leaders, system developers, users, and security experts to drive and promote CHERI as an efficient security standard.
Memory issues represent approximately 70% of the routes taken by cyber attackers. CHERI is a stable, well-established, hardware-based technology developed by the University of Cambridge and the research institute SRI International since 2010. It prevents memory issues to protect consumers and avoid trillions of dollars of damage. Because the technology can be applied selectively to critical functions and requires almost negligible software modifications, the security of existing products can be enhanced with little effort. The huge pool of existing C/C++ software can therefore still be leveraged to build more secure systems.
In addition to fine-grained memory protection, CHERI enables high-performance scalable compartmentalization. Compartmentalization restricts the ability of an attacker to exploit an unknown vulnerability as a stepping stone to attack the system further. This is especially important because it provides resilience not only against exploits in known classes but also against future, as-yet-undiscovered classes of vulnerability and exploit techniques, reducing the impact of, for example, supply chain attacks.
To ensure the success of CHERI, industry adoption and support from a robust ecosystem are crucial. The industry must collaborate to share security expertise and drive education, adoption, and standardization efforts. The CHERI Alliance members will play a pivotal role in supporting standardization, ensuring technical alignment and compliance, and driving broader commercial adoption.
Professor Robert N. M. Watson, Director of Capabilities Limited, said: “After 14 years developing the CHERI technology, we are so excited to see early industry adoption of CHERI, and CHERI Alliance’s foundation essential role in that effort.”
“The software community has been trying to solve memory-related issues for 75 years,” said Ron Black, CEO of Codasip. “Progress has been limited, and security breaches are surging. It’s time to complement the software efforts with robust hardware to prevent buffer overflows, over-reads, and other memory-related vulnerabilities. With CHERI, the hardware community can now give software the tools to fight this.”
“We are proud to be a founding member of the CHERI Alliance,” said Deb Goodkin, Executive Director, FreeBSD Foundation. “FreeBSD has been a significant part of the groundbreaking CHERI research for many years, recognizing the critical importance of memory safety in programming. Security is a top priority for FreeBSD, and CHERI represents a significant advancement in addressing memory-safety vulnerabilities like buffer overflows. As the world’s digital infrastructure evolves, protecting it against emerging threats is crucial. Our participation in the CHERI Alliance aligns perfectly with our mission to enhance system security and reliability and contribute to the growth of this vital technology.”
“lowRISC is honored to be a founding member of the CHERI Alliance — alongside other hardware security leaders — to help promote CHERI as an efficient security standard,” said Dr. Gavin Ferris, CEO of lowRISC. “CHERI provides foundational hardware security and has been implemented by a growing number of vendors, across multiple ISAs, at a variety of design points from high-end application processors to 32-bit embedded systems. It has a proven ability to protect against exploits that leverage illegal memory accesses (such as buffer overflows) without requiring massive recoding of legacy software. The CHERI Alliance will play a vital role in helping drive this critical technology to widespread commercial adoption.”
“Market delivery of CHERI-based devices is critical in evolving robust proof points for this transformation technology”, stated Haydn Povey, CEO of SCI Semiconductor. “Working closely across the CHERI Alliance ensures ecosystems can be built and thrive in collaboration across the membership, and beyond. CHERI technology delivers a revolutionary impact on the industry, ensuring that existing critical vulnerabilities can be identified and resolved quickly, and that undetected future zero-day attack vectors are constrained. This new approach embraces the reality of industry-wide code reuse, reducing development burdens without importing critical systemic weaknesses.”
Professor Simon Moore, University of Cambridge, added: “As noted by the White House in a recent report on a path toward secure and measurable software, hardware support is critical to robust and efficient memory safety. Compiling software to run on CHERI enhanced processors guarantees very strong memory safety that an attacker cannot bypass.”
Membership requests
The CHERI Alliance will formally launch in September 2024 but is already accepting new member applications.
Interested companies can contact the Alliance at https://cheri-alliance.net/
About SCI Semiconductor
SCI Semiconductor was formed to lead the commercialisation of CHERI technologies. With a strong focus on secure and high-integrity computing, the organization has built a team of recognised industry leaders, with decades of leadership in security, processor IP and chip design, and high-integrity software. With multiple existing projects developed on the prototype Arm Morello test chip, the team focused on enablement of the smaller, simpler, and nimbler Microsoft CHERIoT Ibex processor. The company has ported AWS FreeRTOS and functional libraries, as part of exploratory work with UKRI and Digital Catapult, alongside operating and enhancing the native CHERIoT RTOS.