Talk: Transient-execution attacks on the CHERI Morello platform

Jacqui Henes; Marius Muench; David Oswald; Hany Ragab

doi:10.46586/uasc.2025.104

Talk: Transient-execution attacks on the CHERI Morello platform

Jacqui Henes
, Marius Muench
, David Oswald
, Hany Ragab

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

124 Downloads (Pure)

Abstract

CHERI (Capability Hardware Enhanced RISC Instructions) is a capability-based ISA extension providing spatial memory protection and compartmentalisation. CHERI capabilities show a lot of promise in securing computer systems from common access control and memory safety exploits, but as CHERI implementations continue to mature it is important to consider other attack vectors.

One class of attacks that become relevant with the introduction of superscalar and out-of-order CHERI-based processors are transient-execution attacks such as Spectre and Meltdown. Given the ISA overhaul required when porting any given architecture to a CHERI model, these changes will necessarily affect the efficacy of these microarchitectural attacks. This is particularly apparent when looking at design decisions such as how and when capabilities are invalidated in the speculative path, or what triggers an exception as opposed to simply making the capability invalid. Reproducing these attacks is the first step, as new architectural primitives also opens the door for new CHERI-specific microarchitectural exploits that bypass protection model guarantees.

Our current work involves exploring what CHERI does to both mitigate and exacerbate transient-execution attacks, focussing on the Arm Morello prototype implementation of the CHERI ISA to ARMv8-A. The talk will cover porting the Spectre-PHT and Spectre-BTB attacks to CheriBSD, an operating system designed to take full advantage of CHERI's protection model. We will discuss current Arm Morello test results about how changes to capability metadata such as bounds, addresses, and permissions behave in the speculative path - in particular, how good practice that makes full use of capabilities protects systems from Spectre-style vulnerabilities. Design considerations unique to not only the CHERI model but to the OS and compiler will also be demonstrated, such as compiling in hybrid vs 'purecap' mode, and compiler options determining how capability bounds are set.

Original language	English
Title of host publication	2025: Proceedings of the Microarchitecture Security Conference (uASC '25)
Place of Publication	Bochum
Publisher	Ruhr University Bochum
Number of pages	5
DOIs	https://doi.org/10.46586/uasc.2025.104
Publication status	Published - 1 Mar 2025
Event	1st Microarchitecture Security Conference - Bochum, Germany Duration: 19 Feb 2025 → 19 Feb 2025 Conference number: 1 https://uasc.cc/

Publication series

Name	Proceedings of the Microarchitecture Security Conference
Publisher	Ruhr University Bochum
Volume	1

Conference

Conference	1st Microarchitecture Security Conference
Abbreviated title	uASC '25
Country/Territory	Germany
City	Bochum
Period	19/02/25 → 19/02/25
Internet address	https://uasc.cc/

Access to Document

10.46586/uasc.2025.104Licence: None: All rights reserved

HenesJ2025TransientFinal published version, 199 KBLicence: None: All rights reserved

CAP-TEE: Capability Architectures in Trusted Execution
Ryan, M. (Co-Investigator), Thomas, R. (Co-Investigator), Ordean, M. (Co-Investigator), Garcia, F. (Co-Investigator), Oswald, D. (Principal Investigator), Muench, M. (Co-Investigator) & Sinha Roy, S. (Researcher)
Engineering & Physical Science Research Council
12/08/20 → 28/02/25
Project: Research Councils

Cite this

@inproceedings{010335bd02f34247a4be8317d7ffc971,

title = "Talk: Transient-execution attacks on the CHERI Morello platform",

abstract = "CHERI (Capability Hardware Enhanced RISC Instructions) is a capability-based ISA extension providing spatial memory protection and compartmentalisation. CHERI capabilities show a lot of promise in securing computer systems from common access control and memory safety exploits, but as CHERI implementations continue to mature it is important to consider other attack vectors. One class of attacks that become relevant with the introduction of superscalar and out-of-order CHERI-based processors are transient-execution attacks such as Spectre and Meltdown. Given the ISA overhaul required when porting any given architecture to a CHERI model, these changes will necessarily affect the efficacy of these microarchitectural attacks. This is particularly apparent when looking at design decisions such as how and when capabilities are invalidated in the speculative path, or what triggers an exception as opposed to simply making the capability invalid. Reproducing these attacks is the first step, as new architectural primitives also opens the door for new CHERI-specific microarchitectural exploits that bypass protection model guarantees. Our current work involves exploring what CHERI does to both mitigate and exacerbate transient-execution attacks, focussing on the Arm Morello prototype implementation of the CHERI ISA to ARMv8-A. The talk will cover porting the Spectre-PHT and Spectre-BTB attacks to CheriBSD, an operating system designed to take full advantage of CHERI's protection model. We will discuss current Arm Morello test results about how changes to capability metadata such as bounds, addresses, and permissions behave in the speculative path - in particular, how good practice that makes full use of capabilities protects systems from Spectre-style vulnerabilities. Design considerations unique to not only the CHERI model but to the OS and compiler will also be demonstrated, such as compiling in hybrid vs 'purecap' mode, and compiler options determining how capability bounds are set.",

author = "Jacqui Henes and Marius Muench and David Oswald and Hany Ragab",

year = "2025",

month = mar,

day = "1",

doi = "10.46586/uasc.2025.104",

language = "English",

series = "Proceedings of the Microarchitecture Security Conference",

publisher = "Ruhr University Bochum",

booktitle = "2025: Proceedings of the Microarchitecture Security Conference (uASC '25)",

note = "1st Microarchitecture Security Conference, uASC '25 ; Conference date: 19-02-2025 Through 19-02-2025",

url = "https://uasc.cc/",

}

Henes, J, Muench, M , Oswald, D & Ragab, H 2025, Talk: Transient-execution attacks on the CHERI Morello platform. in 2025: Proceedings of the Microarchitecture Security Conference (uASC '25). Proceedings of the Microarchitecture Security Conference, vol. 1, Ruhr University Bochum, Bochum, 1st Microarchitecture Security Conference, Bochum, North Rhine-Westphalia, Germany, 19/02/25. https://doi.org/10.46586/uasc.2025.104

Talk: Transient-execution attacks on the CHERI Morello platform. / Henes, Jacqui; Muench, Marius ; Oswald, David et al.
2025: Proceedings of the Microarchitecture Security Conference (uASC '25). Bochum: Ruhr University Bochum, 2025. (Proceedings of the Microarchitecture Security Conference; Vol. 1).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Talk: Transient-execution attacks on the CHERI Morello platform

AU - Henes, Jacqui

AU - Muench, Marius

AU - Oswald, David

AU - Ragab, Hany

N1 - Conference code: 1

PY - 2025/3/1

Y1 - 2025/3/1

N2 - CHERI (Capability Hardware Enhanced RISC Instructions) is a capability-based ISA extension providing spatial memory protection and compartmentalisation. CHERI capabilities show a lot of promise in securing computer systems from common access control and memory safety exploits, but as CHERI implementations continue to mature it is important to consider other attack vectors. One class of attacks that become relevant with the introduction of superscalar and out-of-order CHERI-based processors are transient-execution attacks such as Spectre and Meltdown. Given the ISA overhaul required when porting any given architecture to a CHERI model, these changes will necessarily affect the efficacy of these microarchitectural attacks. This is particularly apparent when looking at design decisions such as how and when capabilities are invalidated in the speculative path, or what triggers an exception as opposed to simply making the capability invalid. Reproducing these attacks is the first step, as new architectural primitives also opens the door for new CHERI-specific microarchitectural exploits that bypass protection model guarantees. Our current work involves exploring what CHERI does to both mitigate and exacerbate transient-execution attacks, focussing on the Arm Morello prototype implementation of the CHERI ISA to ARMv8-A. The talk will cover porting the Spectre-PHT and Spectre-BTB attacks to CheriBSD, an operating system designed to take full advantage of CHERI's protection model. We will discuss current Arm Morello test results about how changes to capability metadata such as bounds, addresses, and permissions behave in the speculative path - in particular, how good practice that makes full use of capabilities protects systems from Spectre-style vulnerabilities. Design considerations unique to not only the CHERI model but to the OS and compiler will also be demonstrated, such as compiling in hybrid vs 'purecap' mode, and compiler options determining how capability bounds are set.

AB - CHERI (Capability Hardware Enhanced RISC Instructions) is a capability-based ISA extension providing spatial memory protection and compartmentalisation. CHERI capabilities show a lot of promise in securing computer systems from common access control and memory safety exploits, but as CHERI implementations continue to mature it is important to consider other attack vectors. One class of attacks that become relevant with the introduction of superscalar and out-of-order CHERI-based processors are transient-execution attacks such as Spectre and Meltdown. Given the ISA overhaul required when porting any given architecture to a CHERI model, these changes will necessarily affect the efficacy of these microarchitectural attacks. This is particularly apparent when looking at design decisions such as how and when capabilities are invalidated in the speculative path, or what triggers an exception as opposed to simply making the capability invalid. Reproducing these attacks is the first step, as new architectural primitives also opens the door for new CHERI-specific microarchitectural exploits that bypass protection model guarantees. Our current work involves exploring what CHERI does to both mitigate and exacerbate transient-execution attacks, focussing on the Arm Morello prototype implementation of the CHERI ISA to ARMv8-A. The talk will cover porting the Spectre-PHT and Spectre-BTB attacks to CheriBSD, an operating system designed to take full advantage of CHERI's protection model. We will discuss current Arm Morello test results about how changes to capability metadata such as bounds, addresses, and permissions behave in the speculative path - in particular, how good practice that makes full use of capabilities protects systems from Spectre-style vulnerabilities. Design considerations unique to not only the CHERI model but to the OS and compiler will also be demonstrated, such as compiling in hybrid vs 'purecap' mode, and compiler options determining how capability bounds are set.

UR - https://doi.org/10.46586/uasc.2025.104

UR - https://ojs.ub.rub.de/index.php/uASC/index

UR - https://uasc.cc/2025/

U2 - 10.46586/uasc.2025.104

DO - 10.46586/uasc.2025.104

M3 - Conference contribution

T3 - Proceedings of the Microarchitecture Security Conference

BT - 2025: Proceedings of the Microarchitecture Security Conference (uASC '25)

PB - Ruhr University Bochum

CY - Bochum

T2 - 1st Microarchitecture Security Conference

Y2 - 19 February 2025 through 19 February 2025

ER -

Talk: Transient-execution attacks on the CHERI Morello platform

Abstract

Publication series

Conference

Access to Document

Fingerprint

Projects

CAP-TEE: Capability Architectures in Trusted Execution

Cite this