Discussion: Reliability/Security Trade off

CHERI memory protection in general will reduce the damage possible through memory vulnerability, but will by default turn this into a system crash/fault/exception.

This turns a software security issue into a software reliability issue.

Frequent mention is made within the documentation of the ability for CHERI, through compartmentalisation, to in turn mitigate this software crash/reliability issue.

It is unclear at present exactly how this works.

What is needed

  1. a general abstract description of how this works
  2. some specific examples to illustrate how to implement, in a variety of contexts.