Slash Boxes

SoylentNews is people

posted by janrinok on Wednesday March 27, @12:52PM   Printer-friendly

Arthur T Knackerbracket has processed the following story:

The inaugural Beacon Awards has handed three prizes to projects working on safer software for CHERI-enabled hardware running on the CheriBSD operating system. For the unitiated, CHERI is an abbreviation of Capability Hardware Enhanced RISC Instructions.

The Beacon Awards is a fresh scheme from the FreeBSD Foundation, in partnership with the UK government's Digital Security by Design initiative, to reward efforts at safer software. The Digital Security by Design initiative has been around for some six years now, and it funds multiple projects in the broader security R&D field. The Register reported on Arm jumping on board in early 2019. It worked: It was awarded £36 million ($45.43 million) at the gongs last week. Naturally, there were talks about much more money… but it's good to know that some real technological developments have come out of this.

One grand prize went to the Mojo JVM. This is a memory-secure Java runtime that "can run existing Java applications with no or minimal code changes," according to the awards page. Java isn't trendy any more and applets in web pages disappeared years ago, but it remains very significant in internal business-process apps in many large companies. Its development is sponsored by The Hut Group, an etailer which occasionally pops up on the Register. The team has a 17-minute Youtube video explaining how CHERI can bring greater memory-safety to the OpenJDK JVM.

Another grand prize went to Intravisor, a new form of virtualization host for cloud software, which can run various kinds of VMs with greater isolation on CHERI-enabled hardware. This includes its own lightweight ones and unmodified Linux environments. There's more info on the GitHub page, and there was a talk about Intravisor at the 2022 FOSDEM conference.

The third grand prize went to the appropriately named Capabilities Limited for its work refactoring 1.7 million lines of existing C++ web services software to CheriBSD on Morello.

Honorable mentions went to two pieces of research by the University of Glasgow's Jeremy Singer. One is Morello Micropython, a research project that's produced a CHERI-enabled Micropython interpreter. He has also been studying adapting the Boehm garbage collector to CHERI, which he terms Capability Boehm [PDF].

[...] in the course of developing inexpensive mass-market microcomputers, a lot of the security systems of earlier generations of computers were simply discarded, either for being too expensive or too much hard work. Capabilities were just one of them.

The CHERI research is looking for ways to restore these to existing systems running current software, with minimal modifications. If they're successful, the resulting hardware and software will be slightly slower – but also immune, or at least far more robust against, all kinds of software vulnerabilities and exploits.

As it is today, Linux has a bunch of performance-killing security features, whose impact you can see if you just turn them off temporarily. We're already paying the speed penalty for this stuff. CHERI could do better. It's a price worth paying.

Original Submission

This discussion was created by janrinok (52) for logged-in users only. Log in and try again!
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.