Research
- CHERI
- A protection model that extends existing computer architectures with capability hardware to support memory safety and fine-grained compartmentalization for low-level programming languages.
- project page
- site about Arm’s Morello program, which produced industrial-scale systems-on-chip with multi-core 2.4 GHz processors featuring CHERI technology
- paper on Cornucopia, a system that uses CHERI features to guarantee heap temporal safety for userspace C and C++ programs
- paper on Cornucopia Reloaded, an improved version of Cornucopia
- my PhD thesis on analyzing the security properties of memory-safety mitigations built with CHERI, adapting the JavaScriptCore interpreter and baseline JIT compiler to support CHERI, introducing new algorithms for heap temporal safety, and measuring performance on the Morello board
- Thunderclap
- Investigation into the security of direct memory access from peripheral devices, including the development of new kinds of exploits, a hardware platform to carry them out, and techniques for mitigating them.
- website
- paper
- coverage by The Register, ZDNet, and the University of Cambridge
- security advisory by Intel