
In partnership with AESIN and Warwick Manufacturing Group (WMG) at the University of Warwick, has concluded its groundbreaking study on the potential of Capability Hardware Enhanced RISC Instructions (CHERI) to address memory safety vulnerabilities in automotive systems.
Introduction
Memory vulnerabilities and bugs in computers and software have been a long-standing problem, especially because the high-level languages C and C++ and their derivatives are used to develop software for everything from operating systems, device drivers and office applications to embedded systems, mobile devices and the apps they run. Does the long-running Capability Hardware Enhanced RISC Instructions (CHERI) program offer an economically viable solution to memory-related bugs in safety-critical embedded systems? That was the question for the RESAuto project, and its findings should help guide future CHERI research.
A buffer overflow, a write that runs past the end of the memory area it was meant for, is a common software bug that allows malicious code to repurpose memory areas and cause harm. Microsoft reported that 70% of Common Vulnerability and Exposure (CVE) disclosures were related to memory safety issues. Memory safety has been an area of focus in recent years, as highlighted in a US White House cyber security report, in a joint document from the cybersecurity agencies of seventeen nations, in the UK’s National Semiconductor Strategy, and at CYBERUK, the UK’s leading cybersecurity conference.
Meanwhile, the safety-critical engineering domain has long developed Verification & Validation (V&V) techniques, rules, guidelines, standards and processes to reduce memory-related bugs and achieve high-reliability embedded systems. These techniques are not used as rigorously in general computing because of their higher cost; instead, there is a reliance on regular patching and rapid releases of new features. Indeed, the general computing field has chased performance with increasingly complex multicore processors and shared-memory designs. Such complexity is not a necessity for verifiable embedded designs.