Fall school

Workshop

The slides for part 1 and part 2 of the workshop are available.

The CHERI tutorial will be an interactive tutorial requiring participants to download a prepared VM containing a CHERI-RISCV build environment. Whilst the VM will be available in a compact format, please allow a minimum of 20GB hardisk space. It is recommended that virtualisation software for the VM be installed prior to the event such as the latest version of Oracle VirtualBox, which is available for a variety of platforms, or UTM for MACs.

You can now download the VM for VirtualBox (5.8 GB) and UTM (11 GB). If you want to effectively participate in the workshop, it's best to grab them before, as the download on the day may take too much time. The installation instruction are also available.

What's CHERI?

CHERI is about redesigning the underlying computer hardware architecture to provide security by design, with the aim of protecting against common memory vulnerabilities introduced by non memory-safe languages such as C and C++. CHERI stands for Capability Hardware Enhanced RISC Instructions and extends conventional processor Instruction-Set Architectures (ISAs) with capabilities. Capabilities are a powerful and flexible security mechanism for implementing fine-grained memory access control and for compartmentalising untrusted software components. CHERI has been incorporated into MIPS and RISC-V alongside an ongoing development of supporting software and build chain tools, but has gained significant momentum recently with the introduction of ARM's experimental Morello hardware platform.

Agenda: Part 1 (before lunch)

Introduction to CHERI: What is CHERI and what does it protect against? What is ARM Morello?
Introduction to CHERI exercises: Understanding the build environment, toolchain, and debugger
Guided exercises using the VM:
- Compiling and running RISC-V and CHERI-RISC-V programs
- Disassembling and debugging RISC-V and CHERI-RISC-V binaries
- Understanding CHERI exceptions

Agenda: Part 2 (after lunch)

Attacks (and mitigation through CHERI):
- Identifying and fixing a buffer overflow
- Overwriting function pointers
- Attempting arbitrary code execution through a buffer overflow

Program: Monday, November 7 (Fall School)

Room: The Writers' Suite

10:00-11:00	Registration & coffee
11:00-12:00	Welcome and workshop on the CHERI security features and the ARM Morello prototype implementation (part 1) Jennifer Jackson, Matthew Bowden, Jacqui Henes, David Oswald
12:00-13:30	Lunch Edgbaston Park Hotel Restaurant
13:30-15:30	Workshop on CHERI (part 2) Jennifer Jackson, Matthew Bowden, Jacqui Henes, David Oswald
15:30-16:00	Coffee break
16:00-16:45	Industry talk: Licel (chair: David Oswald)
17:00-17:30	Campus tour from venue to Computer Science building
17:45-20:00	Poster Session and reception with drinks and fingerfood Call for Posters Location: Atrium, Computer Science building

Funding

The organisers are supported by the Engineering and Physical Sciences Research Council (EPSRC) under grants EP/R012598/1, EP/S030867/1, EP/V000454/1. Part of the fall school will cover DsbDtech aka ARM Morello and CHERI.