What is the value of a CHERI Router?
“CHERI (Capability Hardware Enhanced RISC Instructions) is a joint research project of SRI International and the University of Cambridge to revisit fundamental design choices in hardware and software to dramatically improve system security”. It is commended in a new White House Report and by CISA, the NCSC and other international government agencies, as a new ‘best practise’ (p 28), to help reduce the risk of memory vulnerabilities.
TechWorks is a partner of the Secure Networking by Design Project, and our priority is to ensure that a CHERI based router will make a real impact on the global router market. As such we have been exploring its commercialisation and route to market in the past year and support Dr Nick Allott, CEO, nquiringminds, in his call to the Digital Security by Design Challenge to understand the issues and articulate a robust strategy. Nick spoke about some of the main factors at the DSbD All Hands event last November. Our focus is.
The commercialisation and route to market for a CHERI based router. What is the current state of the global silicon market and what are the barriers to adoption? How do we get silicon vendors and their upstream partners to commit to this?
For us to be successful we will:-
- Describe the options available to a CHERI adopter and outline the relative benefits and costs.
- Define the financial value proposition for silicon vendors and their customers.
- Evaluate the pros and cons of different interventions, in particular compartmentalisation strategies. This becomes more important when trying to decide “where” to compartmentalise, as it is a complex multi constraint problem; we need a solid framework for understanding/evaluating the constraints.
We have put together a series of questions for which we are seeking answers. If you think you can help us with any of the answers, then we would love to hear from you!
Impacts of CHERI
- What are the positive and negative impacts of a CHERI router?
- What are the security impacts? Identify and define concrete examples. For example, vulnerability reduction. We need to demonstrate to the market that reducing the number of vulnerabilities is of benefit to them.
- Identify a standardised methodology: If we are to have measures that can be compared against systems and markets, we need a standardised repeatable methodology.
- What are the benefits of compartmentalisation?
- What are the estimated costs of a new implementation, maintenance, and upgrades of a CHERI router?
- What is the qualified measure of security impact for a pure cap intervention? Is it 70%?
- If we are using “non exploitable vulnerability” as a measure of security impact, are we consistent with our method of counting. Are vulnerabilities prequalified by severity etc?
- Can we characterise security additionality of pure cap+ compartmentalisation methods. What additional % of vulnerabilities do we expect these strategies to give us?
- Is 0-10% a reasonable performance cost to expect across pure cap and compartment strategies? Can we calibrate better?
Colocation Models
- Can we have pointers to a good writeup of the method and the implications?
- Can we expect this to be merged into the main branch any time soon?
- Do we have estimates on the potential positive performance impact, however crude?
Reliability
- Do we have any market research, to understand how different target applications will respond to memory vulnerabilities being shifted into reliability issues? This will presumably vary widely and could determine the viability of the intervention.
- Are there documented design patterns for handling these new errors?
- Specifically, are there examples of how to use “compartmentalisation” to catch errors as per Assessing the Viability of an OpenSource CHERI Desktop Software Ecosystem (compartmentalisation to mitigate application crash)?
- Do we have estimates of the coding effort required to implement these patterns?
- What will be the impact on performance and stability of the product? There is a clear need to understand the challenge of different markets – consumer, military etc. An improved performance is easier to measure than enhanced security but it is really important for these factors to be addressed.
As you can see there are many issues to consider in a route to market. The IoTSF is working with colleagues in this space and looking to understand what success will look like,
Reach out to us if you can help or want to find out more.
Contact James Willison. Project and Engagement Manager, IoTSF: [email protected]