Talk: Transient-execution attacks on the CHERI Morello platform
DOI: https://doi.org/10.46586/uasc.2025.104

Abstract
CHERI (Capability Hardware Enhanced RISC Instructions) is a capability-based ISA extension providing spatial memory protection and compartmentalisation. CHERI capabilities show a lot of promise in securing computer systems from common access control and memory safety exploits, but as CHERI implementations continue to mature it is important to consider other attack vectors.
One class of attacks that becomes relevant with the introduction of superscalar and out-of-order CHERI-based processors is transient-execution attacks such as Spectre and Meltdown. Given the ISA overhaul required when porting any given architecture to a CHERI model, these changes will necessarily affect the efficacy of these microarchitectural attacks. This is particularly apparent when looking at design decisions such as how and when capabilities are invalidated in the speculative path, or what triggers an exception as opposed to simply making the capability invalid. Reproducing these attacks is the first step, as new architectural primitives also open the door to new CHERI-specific microarchitectural exploits that bypass protection model guarantees.
Our current work involves exploring what CHERI does to both mitigate and exacerbate transient-execution attacks, focussing on the Arm Morello prototype implementation of the CHERI ISA to ARMv8-A. The talk will cover porting the Spectre-PHT and Spectre-BTB attacks to CheriBSD, an operating system designed to take full advantage of CHERI's protection model. We will discuss current Arm Morello test results on how changes to capability metadata such as bounds, addresses, and permissions behave in the speculative path - in particular, how good practice that makes full use of capabilities protects systems from Spectre-style vulnerabilities. Design considerations unique not only to the CHERI model but also to the OS and compiler will also be demonstrated, such as compiling in hybrid vs 'purecap' mode, and compiler options determining how capability bounds are set.