Abstract
As the need for secure systems grows, the exploration of secure hardware like Morello, based on the Capability Hardware Enhanced RISC Instructions (CHERI) architecture, becomes crucial. As Morello navigates towards market induction, establishing systematic approaches for transitioning software to its pure capability mode emerges as a crucial research endeavor. This paper investigates two main areas: a comparison with CERT guidelines and an exploitation analysis on the Morello platform. The comparison aims to identify potential developer-induced vulnerabilities and compiler limitations, elucidating how the Morello-llvm compiler behaves when there are CERT rule violations. Our exploitation analysis explores the limitations of the Morello-llvm compiler toolchain and the developer errors that could bypass Morello’s advanced security features. The findings highlight that despite advancements in toolchains, developer-induced vulnerabilities remain a significant issue, emphasizing the importance of adhering to established programming standards like CERT guidelines.
Original language | English |
---|---|
Title of host publication | 2024 IEEE 9th European Symposium on Security and Privacy (EuroS&P) |
Publisher | IEEE Computer Society |
Pages | 381-397 |
Number of pages | 17 |
ISBN (Electronic) | 979-8-3503-5425-6 |
ISBN (Print) | 979-8-3503-5426-3 |
Publication status | Published - 22 Aug 2024 |
Event | 9th IEEE European Symposium on Security and Privacy - University of Vienna, Vienna, Austria. Duration: 8 Jul 2024 → 12 Jul 2024. https://eurosp2024.ieee-security.org/index.html |
Publication series
Name | IEEE European Symposium on Security and Privacy |
---|---|
Publisher | IEEE |
ISSN (Print) | 2995-1348 |
ISSN (Electronic) | 2995-1356 |
Conference
Conference | 9th IEEE European Symposium on Security and Privacy |
---|---|
Abbreviated title | EuroS&P 2024 |
Country/Territory | Austria |
City | Vienna |
Period | 8/07/24 → 12/07/24 |
Bibliographical note
Publisher Copyright: © 2024 IEEE.
Keywords
- Morello/CHERI exploitation
- Porting efforts
- CERT guidelines