BSDCan2019 - 1.8

BSDCan 2019
The Technical BSD Conference

Brooks Davis
Day Talks #2 - 18 May - 2019-05-18
Room DMS 1110
Start time 10:00
Duration 01:00
ID 1053
Event type Lecture
Track Security
Language used for presentation English

CheriABI: Hardware enforced memory safety for FreeBSD

Memory safety bugs such as buffer overflows are an ongoing source of security vulnerabilities. CheriABI is a new process model for FreeBSD on the Capability Hardware Enhanced RISC Instructions (CHERI) hardware platform which eliminates the vast majority of buffer overflows and significantly increases the difficulty of control-flow attacks such as return-oriented programming.

Our protections cover programs, the C run-time environment including the dynamic linker, and kernel access to user memory. We have ported virtually all of the FreeBSD user space to this platform, demonstrating that memory safety can be fitted to existing C software.