Introducing fine-grained memory protection with the first commercial implementation of CHERI
Munich, Germany, 31 October 2023 – Codasip, the leader in RISC-V Custom Compute, today announced the first commercial implementation of CHERI, the advanced security mechanism the semiconductor industry needs. Capability Hardware Enhanced RISC Instructions (CHERI) technology was developed at the University of Cambridge as the result of research aimed at revisiting fundamental design choices in hardware and software to improve system security. The technology has been proven in experimental processors and will now, for the first time, be available in a commercial offering, enabling secure-by-design products. Codasip’s commercial implementation will enable companies to take preventive security measures without having to wait for their vendors to deliver patches.
Memory safety needs to be a primary concern for all processor and SoC designers, device manufacturers, and end users. Cyberattacks pose an ever-growing threat and approximately 70% of OS and browser vulnerabilities documented in the Common Vulnerabilities and Exposures (CVE) program in the last two decades are attributed to software memory errors. A reason for the lack of commercial solutions to address this challenge is the complexity of the problem. Advanced memory protection has only been achievable through advanced hardware modification or expensive and impactful software modifications. But to be viable in real products, any suggested solution must have minimal impact on power, performance, and area. Building on its unique Custom Compute approach, Codasip has been able to effectively address this challenge.
Ron Black, chief executive officer, Codasip, said: “Unsafe and insecure products risk causing privacy violations, reputational damage and financial loss that are unacceptable, be it cars, routers, medical devices, or any other consumer product. Using statistical protection mechanisms, such as stack canaries, to detect memory corruption has proven not secure enough. It is time for consumers to ask the question: Are your device providers protecting you from the most common type of cyberattack? If they are not using Codasip CHERI technology, they probably are not.”
Professor Robert N. M. Watson, the University of Cambridge, said: “CHERI extends conventional hardware Instruction-Set Architectures (ISAs) with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalization. The CHERI memory-protection features allow historically memory-unsafe programming languages such as C and C++ to be adapted to provide strong, compatible, and efficient protection against many currently widely exploited vulnerabilities.”
Professor John Goodacre, director of Digital Security by Design (DSbD), UK Research and Innovation, commented: “Governments are taking action to protect their citizens and businesses from the cyber threat. The DSbD programme is unlocking the market and enabling technology such as CHERI, so companies can add security by design into their products and services. I’m really excited to see Codasip launching a commercial implementation of CHERI. This is an important milestone in creating a secured future for all of us.”
Using Codasip Studio, Codasip is adding built-in fine-grained memory protection to its recently launched 700 processor family by extending the RISC-V ISA with CHERI-based custom instructions. To enable the use of these instructions, Codasip is also delivering the software environment to take advantage of CHERI technology, bringing a full software development flow to add memory protection.
Because CHERI technology can be applied selectively to critical functions, it is possible to enhance the security of existing products with little effort, often through a simple code recompilation. The huge pool of existing C/C++ software can therefore still be leveraged in more secure systems.
Codasip will be participating at the RISC-V Summit in Santa Clara, California, on November 7-8. The company will showcase its solutions and present a keynote and several technical topics.