I have #Rust, I don't need #CHERI! I have CHERI, I...

david_chisnall's posts Post Back to profile

I have #Rust, I don't need #CHERI! I have CHERI, I don't need Rust!

No, you need both, they solve different problems and Rust + CHERI solves problems that neither Rust nor CHERI solve alone.

https://cheriot.org/cheri/myths/2024/08/28/cheri-myths-safe-languages.html

Like 28 August at 15:39 | Open on infosec.exchange

4 comments

Saar Amar

@david_chisnall As usual, fantastic blog :)

28 August at 17:15 | Open on infosec.exchange

david_chisnall

@amarsaar Take a look at the PR, lots of folks gave very helpful feedback on this one!

28 August at 19:53 | Open on infosec.exchange

Edwin Török

@david_chisnall how quickly can you emulate CHERI on x86-64? (Does qemu support it for example?) If you compile your C code, or language bindings/runtime to a CHERI architecture could that act as a better valgrind/ASAN?
Probably not what you had in mind when designing the hardware, but might be a useful intermediate step until CHERI hardware is widely available.

28 August at 17:45 | Open on discuss.systems

david_chisnall

@edwintorok There is a QEMU version for CHERI RISC-V. It’s not amazingly fast, because it needs to do a bunch of instructions for tagged memory and more to extract fields from capabilities and perform the relevant checks. It can’t support multicore emulation and preserve the security properties (at least, not with good performance) because CHERI relies of stores of pointers being atomic. This is east in hardware (operations are within a cache line and you get the required atomicity for free) but it is incredibly hard to emulate. This is the main reason for wanting to built it in hardware rather than as a virtual machine.

Memory Save WASM has roughly the same abstract machine as CHERI and has roughly a 100% perf overhead (things run half speed), whereas CHERI should be able to get close to 2% on an optimised microarchitecture.

Expand text...

28 August at 19:52 | Open on infosec.exchange