Introduction to CHERI
What is CHERI and how to start working on it?
I’m writing this post as a CHERI Alliance ambassador. If your company takes cybersecurity seriously, I encourage you to explore CHERI Alliance membership and its benefits.
The Persistent Challenge of Memory Vulnerabilities
Let’s start with a simple piece of code that every CS student encounters in their first year:
#include <stdlib.h>

int main() {
    int *ptr = (int *)malloc(4 * sizeof(int));
    *(ptr+4) = 4;
    free(ptr);
}

Typical mistake in C memory allocation
The bug is obvious: we’ve allocated space for four integers, but we’re writing to the fifth position—a classic buffer overflow. In this toy example, spotting the error takes seconds. But imagine hunting for similar issues across millions of lines of production code in an operating system or browser engine. Not only is it nearly impossible to catch every vulnerability before deployment, but once compiled and running, these flaws become attack vectors waiting to be exploited.
Consider WebKit, the browser engine powering Safari and iOS. Despite Apple’s robust security measures and multiple sandbox layers, attackers consistently find ways to break through by exploiting memory vulnerabilities. CVEs like the recent CVE-2024-54505 demonstrate an uncomfortable truth: in massive codebases, memory safety bugs are practically inevitable using traditional approaches.
The Evolution of Memory Protection
The industry hasn’t been idle. We’ve developed increasingly sophisticated defences over the years:
Software approaches like Kernel Address Space Layout Randomization (KASLR) have significantly improved security across many systems. However, these addresses can leak through various side channels, and implementation varies wildly across operating systems. Moreover, software-based verification often comes with noticeable performance penalties.
Hardware solutions have shown more promise. ARM’s Pointer Authentication Code (PAC) and Memory Tagging Extension (MTE) provide memory security with minimal performance overhead through dedicated hardware instructions. Yet these remain band-aids on a fundamental problem—they don’t comprehensively address the root cause, and MTE’s limitation to just 16 tags reveals the constraints of retrofitting security onto existing architectures.
Enter CHERI: Rethinking Memory from the Ground Up
CHERI (Capability Hardware Enhanced RISC Instructions) takes a radically different approach. Rather than patching vulnerabilities after the fact, it fundamentally reimagines how we handle memory at the hardware level.
The key innovation? CHERI replaces traditional pointers with capabilities—rich objects that encapsulate not just an address, but also permissions, bounds, and other metadata. On a 64-bit system, this means expanding from 64-bit pointers to 128-bit capabilities. While doubling pointer size might seem costly, the comprehensive memory protection it provides makes this a compelling tradeoff for security-critical applications.
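The bounds and permission checks a capability carries, sketched as a software model in C and applied to the four-int allocation from the start of the post. This is an added example, not code from the CHERI project: the cap_t structure and every function name are hypothetical, and real CHERI hardware performs these checks in the processor rather than in software.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Software model only (assumption): real CHERI encodes these fields within
   128 bits and the CPU performs the checks; all names are hypothetical. */
enum { PERM_LOAD = 1, PERM_STORE = 2 };
typedef enum { CAP_OK, CAP_BOUNDS_FAULT, CAP_PERM_FAULT } cap_status;

typedef struct {
    uintptr_t base;   /* lowest address the capability authorises */
    size_t length;    /* size of the authorised region, in bytes */
    uintptr_t addr;   /* current address, the traditional pointer value */
    unsigned perms;   /* PERM_* bits */
} cap_t;

/* Pointer arithmetic moves only the address; bounds travel unchanged. */
static cap_t cap_add(cap_t c, size_t bytes) {
    c.addr += bytes;
    return c;
}

/* Checked on every access: permission, then [base, base + length). */
static cap_status cap_check(cap_t c, size_t size, unsigned need) {
    if ((c.perms & need) != need) return CAP_PERM_FAULT;
    if (c.addr < c.base) return CAP_BOUNDS_FAULT;
    size_t off = c.addr - c.base;
    if (off > c.length || size > c.length - off) return CAP_BOUNDS_FAULT;
    return CAP_OK;
}

/* The post's allocation: four ints, then a store to element `index`. */
static cap_status demo_store(size_t index, unsigned perms) {
    int *ptr = malloc(4 * sizeof(int));
    if (ptr == NULL) abort();
    cap_t c = { (uintptr_t)ptr, 4 * sizeof(int), (uintptr_t)ptr, perms };
    c = cap_add(c, index * sizeof(int));
    cap_status s = cap_check(c, sizeof(int), PERM_STORE);
    if (s == CAP_OK) *(int *)c.addr = 4;   /* store happens only if authorised */
    free(ptr);
    return s;
}

int main(void) {
    printf("ptr[3]: %d\n", demo_store(3, PERM_LOAD | PERM_STORE));
    printf("ptr[4]: %d\n", demo_store(4, PERM_LOAD | PERM_STORE));
    return 0;
}
```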
This isn’t a fringe academic project. CHERI has backing from heavyweight organizations including DARPA, UK Research and Innovation, SRI International, ARM, and the University of Cambridge. The project’s strategic pivot from MIPS to RISC-V aligns perfectly with the open-source processor movement, positioning CHERI for potential ratification as the “Y” extension in the official RISC-V ISA specification—supporting both 32-bit and 64-bit implementations.
CHERI in Practice: Available Hardware and Platforms
For those eager to experiment, CHERI hardware is more accessible than you might think. The CHERI Alliance maintains a list of available platforms, but two deserve special attention:
ARM Morello boards offer a full CHERI implementation on ARM architecture, running CheriBSD (a FreeBSD derivative) with familiar software like KDE and Chromium. While supply is limited, the CHERI Alliance distributes boards to qualified researchers and organizations.
CHERIoT platform, initiated by Microsoft, particularly excites me. Built on lowRISC’s Ibex core, CHERIoT targets embedded systems and IoT devices—arguably where memory vulnerabilities pose the greatest risk. Currently available on FPGA boards like the Digilent Arty A7 and lowRISC Sonata, the first CHERIoT silicon is expected in 2026.
What sets CHERIoT apart is its purpose-built RTOS. While ports of FreeRTOS and Zephyr to CHERI are underway, CHERIoT RTOS was designed from scratch with capabilities in mind. Cleverly, it includes a FreeRTOS+TCP 4.0 compatibility layer, allowing developers to migrate existing applications while benefiting from native CHERI protection.
The Open Door: Contributing to CHERI
Here’s what makes CHERI special beyond the technology: it’s genuinely open. This isn’t a corporate initiative with gatekeepers—it’s a community where contributions are welcomed and valued.
For students and early-career engineers, CHERI offers rare opportunities to work on fundamental computing infrastructure. How many people can say they’ve engaged in processor design or modified operating system memory allocators? In an industry increasingly specialized and siloed, CHERI provides hands-on experience with the full computing stack.
Graduate students searching for research topics will find rich veins to mine—from formal verification of CHERI properties to performance optimization, from porting applications to designing new capability models. The intersection of hardware, software, and security guarantees challenging problems with real-world impact.
Looking Ahead: My CHERI Journey
As a University of Waterloo computer engineering student with six co-op terms ahead, I’m betting heavily on CHERI and RISC-V. In upcoming posts, I’ll share:
- Practical experiences porting operating systems to CHERI platforms
- Hardware tutorials for running CHERI-Ibex on FPGA boards with example projects
- Performance analysis comparing CHERI and non-CHERI systems with real benchmarks
- Production use cases in networking, machine learning, and quantitative analysis
The memory safety crisis isn’t going away. Band-aid solutions have taken us as far as they can. CHERI represents something different: a chance to solve these problems at their root, with open technology that anyone can contribute to and benefit from.
Whether you’re a security researcher, a systems programmer, or simply someone who believes computing infrastructure should be fundamentally secure, CHERI deserves your attention. The community is growing, the technology is maturing, and the opportunity to shape the future of secure computing is wide open.
Want to learn more? Visit the CHERI Alliance website or reach out—I’m always happy to discuss CHERI with fellow enthusiasts.