CHERI (Capability Hardware Enhanced RISC Instructions) is a security technology that provides a preventive approach to protect systems against memory attacks. These vulnerabilities have consistently represented ~ 70% of the causes of cyberattacks over the past 20 years (and probably even more).
CHERI improves system security at runtime by extending conventional hardware ISAs with new architectural features to enable fine-grained memory protection and highly scalable software compartmentalization.
The billions of lines of C code that we use daily use pointers to memory that are inherently risky, and very often used by hackers to access data that they are not supposed to view or modify. CHERI replaces pointers with capabilities that prevent these abuses and adds watertight boundaries between different software functions. By construction, these hardware features cannot be bypassed, and a simple code re-compilation is often what it takes to get protected. No need to rewrite billions of lines of code.
The CHERI Alliance has been setup to drive a global industrial ecosystem to solve the biggest cybersecurity challenge: memory vulnerabilities.
Its goal is to promote the use of the CHERI technology and help it diffuse within the industry.
The CHERI Alliance is a non-profit organisation, and welcomes different types of members to collaborate on the technology, its diffusion, and its popularisation: from academia to commercial companies, to government entities and even welcoming individuals. To join the alliance, just go to CHERI Alliance Web site and contact us.
The CHERI Alliance wants to make CHERI as easy to use and integrate as possible. CHERI doesn't require to rewrite your code but there are things that need to be adapted (including fixing security flaws ;) ). This requires tools and software libraries that you will find here.
To request a repository please see the creation rules.
The CHERI Alliance forms working groups to help coordinate activity on these elements, and we would encourage you to join so that you can benefit from the ecosystem, but obviously you are also free to participate without being part of the Alliance.