Table of contents

  • This session has been presented January 31, 2025 (11:00 - 12:00).

Description

  • Speaker

    Kui Wang - Huawei

The CHERI ISA extension enables modern RISC CPU architectures such as RISC-V to enforce memory safety in C/C++ programs. Recent academic works use CHERI for point solutions like constructing enclaves, verifying C programs, or hardening bytecode interpreters, but since the original construction of the CHERI-BSD OS - a FreeBSD port leveraging CHERI capabilities, by Cambridge University - little has been reported on what issues and problems arise when porting an existing operating system to benefit from hardware capabilities. This work distills problematic patterns and their solution from what we believe has been the first successful port of a full Linux system to CHERI hardware. In the interest of reproducibility and possible future CHERI or porting style improvements, we also report on the performance impact of our setup.

Practical infos

Next sessions

  • What you never wanted to know about vulnerability databases

    • November 21, 2025 (10:00 - 11:00)

    • Inria Center of the University of Rennes - Room Métivier

    Speaker : Henrik Plate - Endor Labs

    Vulnerability databases play a crucial role in modern software security, serving as the backbone for Application Security (AppSec) and Software Composition Analysis (SCA) tools. However, the accuracy and reliability of these databases vary significantly, often leading to misinformed security decisions. This talk explores the challenges associated with vulnerability databases, including incomplete[…]

    • Risk Assessment

    • SoSysec

    • Vulnerability management

  • CHERIoT RTOS: An OS for Fine-Grained Memory-Safe Compartments on Low-Cost Embedded Devices

    • November 21, 2025 (11:00 - 12:00)

    • Inria Center of the University of Rennes - Room Métivier

    Speaker : Hugo Lefeuvre - The University of British Columbia

    Embedded systems do not benefit from strong memory protection, because they are designed to minimize cost. At the same time, there is increasing pressure to connect embedded devices to the internet, where their vulnerable nature makes them routinely subject to compromise. This fundamental tension leads to the current status-quo where exploitable devices put individuals and critical infrastructure[…]

    • SoSysec

    • Compartmentalization

    • Operating system and virtualization

    • Hardware/software co-design

    • Hardware architecture

Show previous sessions
Page top