March 12, 2026 -
By Ian Lankshear, Ensilica
Building safe and secure embedded systems is getting harder as firmware grows in scale, complexity, and connectivity. Even with sophisticated safeguards, such as microprocessor (MPU) regioning, real-time operating system (RTOS) isolation, static analysis tools, and strict coding standards (including MISRA C), application-specific IC (ASIC) and system-on-chip (SoC) developers still encounter the same architectural weakness: memory-safety violations. Buffer overruns, out-of-bounds accesses, and pointer corruption are consistently the leading sources of unpredictable system behavior and real-world security exploits.
CHERI began as a joint research effort between the University of Cambridge and SRI International, funded by DARPA, to prevent memory-safety vulnerabilities at the architectural level. Early MIPS prototypes proved that capabilities, pointers with hardware-enforced bounds and permissions, could be added without breaking C/C++ compatibility. The work later moved to RISC-V, demonstrating portability and modest hardware cost.