English
Initial members join CHERI Alliance to drive adoption of memory safety and scalable software compartmentalization
Founding members include Capabilities Limited, Codasip, the FreeBSD Foundation, lowRISC, SCI Semiconductor, and the University of Cambridge
Cambridge, the United Kingdom, June 17, 2024 — The CHERI Alliance CIC (Community Interest Company) today announced it has been established to advance the industry-wide adoption of the security technology CHERI (Capability Hardware Enhanced RISC Instructions). The CHERI Alliance will drive the adoption of enhanced security across the industry and ensure compliance with commonly defined standards.
The initial founding members of the CHERI Alliance include Capabilities Limited, Codasip, the FreeBSD Foundation, lowRISC, SCI Semiconductor, and the University of Cambridge.
The Alliance governing board will include representatives from industry as well as academia, whose work will go beyond technology to unite industry leaders, system developers, users, and security experts to drive and promote CHERI as an efficient security standard.
Memory issues represent approximately 70% of the routes taken by cyber attackers. CHERI is a stable, well-established, hardware-based technology developed by the University of Cambridge and the research institute SRI International since 2010. It prevents memory issues to protect consumers and avoid trillions of dollars of damage. Because the technology can be applied selectively to critical functions and requires almost negligible software modifications, the security of existing products can be enhanced with a small effort. The huge pool of existing C/C++ software can therefore still be leveraged to get more secure systems.
In addition to fine-grained memory protection, CHERI enables high-performance scalable compartmentalization. Compartmentalization restricts the ability of an attacker to exploit an unknown vulnerability as a stepping stone to attack the system further. This is especially important because it provides resilience against not only exploits in known classes but also protects against future as-yet undiscovered classes of vulnerability and exploit techniques, reducing the impact of for example supply chain attacks.
To ensure the success of CHERI, industry adoption and support from a robust ecosystem are crucial. The industry must collaborate to share security expertise and drive education, adoption, and standardization efforts. The CHERI Alliance members will play a pivotal role in supporting standardization, ensuring technical alignment and compliance, and driving broader commercial adoption.
Professor Robert N. M. Watson, Director of Capabilities Limited, said: “After 14 years developing the CHERI technology, we are so excited to see early industry adoption of CHERI, and CHERI Alliance’s foundation essential role in that effort.”
“The software community has been trying to solve memory-related issues for 75 years,” said Ron Black, CEO of Codasip. “Progress has been limited, and security breaches are surging. It’s time to complement the software efforts with robust hardware to prevent buffer overflows, over-reads, and other memory-related vulnerabilities. With CHERI, the hardware community can now give software the tools to fight this.”
“We are proud to be a founding member of the CHERI Alliance,” said Deb Goodkin, Executive Director, FreeBSD Foundation. “FreeBSD has been a significant part of the groundbreaking CHERI research for many years, recognizing the critical importance of memory safety in programming. Security is a top priority for FreeBSD, and CHERI represents a significant advancement in addressing memory-safety vulnerabilities like buffer overflows. As the world’s digital infrastructure evolves, protecting it against emerging threats is crucial. Our participation in the CHERI Alliance aligns perfectly with our mission to enhance system security and reliability and contribute to the growth of this vital technology.”
“lowRISC is honored to be a founding member of the CHERI Alliance — alongside other hardware security leaders — to help promote CHERI as an efficient security standard,” said Dr. Gavin Ferris, CEO of lowRISC. “CHERI provides foundational hardware security and has been implemented by a growing number of vendors, across multiple ISAs, at a variety of design points from high-end application processors to 32-bit embedded systems. It has a proven ability to protect against exploits that leverage illegal memory accesses (such as buffer overflows) without requiring massive recoding of legacy software. The CHERI Alliance will play a vital role in helping drive this critical technology to widespread commercial adoption.”
“Market delivery of CHERI-based devices is critical in evolving robust proof points for this transformation technology”, stated Haydn Povey, CEO of SCI Semiconductor. “Working closely across the CHERI Alliance ensures ecosystems can be built and thrive in collaboration across the membership, and beyond. CHERI technology delivers a revolutionary impact on the industry, ensuring that existing critical vulnerabilities can be identified and resolved quickly, and that undetected future zero-day attack vectors are constrained. This new approach embraces the reality of industry-wide code reuse, reducing development burdens without importing critical systemic weaknesses.”
Professor Simon Moore, University of Cambridge, added: “As noted by the White House in a recent report on a path toward secure and measurable software, hardware support is critical to robust and efficient memory safety. Compiling software to run on CHERI enhanced processors guarantees very strong memory safety that an attacker cannot bypass.”
Membership requests
The CHERI Alliance will formally launch in September 2024 but is already accepting new member applications.
Interested companies can contact the Alliance at https://cheri-alliance.net/
|
||||||
Related News
- CHERI Protects Memory at the Hardware Level
- CHERI Alliance Officially Launches, Adds Major Partners including Google, to Tackle Cybersecurity Threats at the Hardware Level
- VeriSilicon and MicroEJ Join Forces to Accelerate Hardware IP Innovation, Thanks to Software Virtualization Leveraging 10 Million Software Engineers Worldwide
- MIPI Alliance Announces the Formation of a New Birds of a Feather Group to Investigate Software Integration of Hardware Devices
- PolyCore Software Introduces Poly-Platform 2.0 with Enhanced Memory Management Tools for Optimal Multicore Performance
Breaking News
- Europe takes a major step towards digital autonomy in supercomputing and AI with the launch of DARE project
- Infineon brings RISC-V to the automotive industry and is first to announce an automotive RISC-V microcontroller family
- EnSilica Secures €2.13 Million European Space Agency Development Contract
- indie Semiconductor and GlobalFoundries Announce Strategic Collaboration to Accelerate Automotive Radar Adoption
- Silvaco Expands Product Offering with Acquisition of Cadence's Process Proximity Compensation Product Line
Most Popular
- Pragmatic Semiconductor launches next-generation platform for mixed-signal flexible ASIC design with early-access programme
- Semiconductor Industry Faces a Seismic Shift
- Arm vs. Qualcomm: The Legal Tussle Continues
- Quintauris launches the first RISC-V profile for today's real-time automotive applications
- eMemory and PUFsecurity Launch World's First PUF-Based Post-Quantum Cryptography Solution to Secure the Future of Computing
|
E-mail This Article | 
|
|
Printer-Friendly Page |