Porting to Morello: An In-depth Study on Compiler Behaviors, CERT Guideline Violations, and Security Implications

Research output: Chapter in Book/Report/Conference proceedingConference Contribution (Conference Proceeding)

88 Downloads (Pure)

Abstract

As the need for secure systems grows, the exploration of secure hardware like Morello, based on the Capability Hardware Enhanced RISC Instructions (CHERI) architecture, becomes crucial. As Morello navigates towards market induction, establishing systematic approaches for transitioning software to its pure capability mode emerges as a crucial research endeavor. This paper investigates two main areas: a comparison with CERT guidelines and an exploitation analysis on the Morello platform. The comparison aims to identify potential developer-induced vulnerabilities and compiler limitations, elucidating how the Morello-llvm compiler behaves when there are CERT rule violations. Our exploitation analysis explores the limitations of the Morello-llvm compiler toolchain and the developer errors that could bypass Morello’s advanced security features. The findings highlight that despite advancements in toolchains, developer-induced vulnerabilities remain a significant issue, emphasizing the importance of adhering to established programming standards like CERT guidelines.
Original languageEnglish
Title of host publication2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P)
PublisherIEEE Computer Society
Pages381-397
Number of pages17
ISBN (Electronic)979-8-3503-5425-6
ISBN (Print)979-8-3503-5426-3
DOIs
Publication statusPublished - 22 Aug 2024
Event9th IEEE European Symposium on Security and Privacy - University of Vienna, Vienna, Austria
Duration: 8 Jul 202412 Jul 2024
https://eurosp2024.ieee-security.org/index.html

Publication series

NameIEEE European Symposium on Security and Privacy
PublisherIEEE
ISSN (Print)2995-1348
ISSN (Electronic)2995-1356

Conference

Conference9th IEEE European Symposium on Security and Privacy
Abbreviated titleEuroS&P 2024
Country/TerritoryAustria
CityVienna
Period8/07/2412/07/24
Internet address

Bibliographical note

Publisher Copyright:
© 2024 IEEE.

Keywords

  • Morello/CHERI exploitation
  • Porting efforts
  • CERT guidelines

Fingerprint

Dive into the research topics of 'Porting to Morello: An In-depth Study on Compiler Behaviors, CERT Guideline Violations, and Security Implications'. Together they form a unique fingerprint.

Cite this