#### CHERI-seL4: Enhancing seL4's C/C++ userspace memory safety using CHERI



Hesham Almatary, Robert Watson, Capabilities Limited seL4 Summit, 15 October 2024



## Outline

#### Software Security

#### CHERI – Overview

- Memory Safety
- Software Compartmentalisation

#### CHERI-seL4

- Why?
- How?
- Progress
- Next steps



## **Software Security**

#### Memory Safety

70% of software vulnerabilities are memory-safety related in C/C++ e.g. Buffer overflows, control-flow, double-free, etc.

Enables confidentiality, integrity, and availability exploits

#### Software Compartmentalisation

Split up a large monolithic software into smaller compartments in order to reduce the attack surface and limit the effects of a successful attack only to the compromised compartment



### What is CHERI?



- Been under development and research since 2010 by University of Cambridge and SRI
- Prototypes on RISC-V and Arm (Morello)
  - Software ecosystem: LLVM, CheriBSD, Morello Linux, CheriFreeRTOS, CHERIoT etc.
- Core principles
  - Intentionality
  - Least privilege
  - Source-code compatibility

| Cambridge/SRI             | Arm     | Microsoft | Google | Codasip     |
|---------------------------|---------|-----------|--------|-------------|
| Piccolo, Flute,<br>Toooba | Morello | CHERIoT   | lbex   | Codasip 700 |



#### Starting point: CHERI on 64-bit systems

- Hardware knows about pointers
- Pointers carry bounds
- Pointers carry permissions
- Pointers can't be created from thin air
- All guarantees are deterministic
- No guarantees rely on secrets

All memory access instructions require a valid pointer operand



#### How does CHERI work



- Capabilities extend integer memory addresses
- Metadata (bounds, permissions, ...) control how they may be used
- Guarded manipulation controls how capabilities may be manipulated; e.g., provenance validity and monotonicity
- Tags protect capability integrity/derivation in registers + memory



#### How does CHERI work

#### • Hardware:

- Double register size
- New CHERI instructions
- Tagged memory
- Hardware exceptions

#### Software Protection Models:

- Pointers Safety: hybrid or purecap (CHERI C)
- Compartmentalisation





#### **CHERI C Guidelines**

- Pointers are unforgeable capabilities
- Pointers are not integers: *sizeof(void \*) != sizeof(long)*
- Minimum alignment for pointers is *sizeof(void \*)*
- **Provenance**: pointers are only derived from other pointers
  - o uint32\_t \*mmio\_region = (uint32\_t \*) (0xc0000000) WRONG Provenance violation
  - An OS or loader should create capabilities for MMIO regions
  - Code that performs bitwise arithmetic between *uintptr\_t* is prone to error *uintptr\_t mutex\_value = FLAG | (uintptr\_t)(curthread)* - WRONG - Provenance loss
    - O If FLAG increases the bounds (e.g., embedding data in the high bits of the address)
  - Additional implications for code that makes assumptions about the shape of a pointer
- Monotonicity: A derived pointer cannot extend bounds or permissions
  - A memory allocator should set bounds on capabilities
- Further reading: CHERI C/C++ Programming Guide <a href="https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-947.pdf">https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-947.pdf</a>



#### **CHERI/CompartOS Software Compartmentalisation**



CheriFreeRTOS components and the application execute in compartments. CHERI contains an attack within TCP/IP compartment, which access neither flash nor the internals of the software update (OTA) compartment.



## seL4

- seL4 is a secure microkernel formally verified
- Gives isolation guarantees between user-level protection domains
- No C/C++ memory safety, guarantees at user-level



## CHERI-seL4 – Why?

seL4

Great software technology with formal verification for separating inter-AS protection domains

Great hardware-software technology for single-AS memory safety and software compartmentalisation



CHERIseL4

What could it *mean* to bring both together? This is an under-explored design space



# CHERI-seL4 – Why?



Protect lives, economies. infrastructures. sensitive customer data, etc



## CHERI-seL4 – Why? Ideal goal





### **CHERI-seL4 – Approach and Goals**

CHERI-seL4: shared unified kernel codebase, ideally no forks

# CHERI OFF

Maintain all existing seL4 guarantees

Minimal to no effects on verification

No non-CHERI broken builds, tests, etc

All CHERI-related code is hidden and guarded, and not compiled

Just renaming, parameterisations, and clean-ups of shared code

Same ABI, same performance, same types/sizes (eventually), same output binary

Will not bypass any existing seL4 guarantees (eg. no privilege escalation)

CHERI ON



Immediately enable complete spatial *memory-safety* (purecap) for C/C++ user-space.

Feature-rich to allow design-space explorations on top (eg: software compartmentalisation, temporal safety, etc)



Same seL4 API, new CHERI purecap



# CHERI-seL4 – CHERI ON – Community Expectations

What are we trying to achieve?

Design-space exploration

System research

Implement what we think is right, from CHERI perspective

seL4 just provides the mechanism for the user to implement CHERIbased security policies, including memory-safety and software compartmentalisation

Flexible, generic, and clean design and implementation to enable as many features as possible, use cases, and R&D projects on top



## CHERI-seL4 – CHERI ON – How?

CHERI-seL4: user-space always purecap, but the kernel could be:





# **CHERI-seL4 – Progress**

We have complete all-purecap sel4test running and passing all tests

- Elfloader: Could optionally be built in purecap for some targets
- OpenSBI: Not purecap yet, but hybrid just to preserve tags and capabilities

- <u>PR and RFC submitted</u> to support CHERI-seL4 in the kernel
- CHERI-RISC-V (RV32 and RV64)
- Arm Morello: 4 new platforms submitted QEMU, FVP, bhyve, and Morello SoC board.
- · Purecap kernel only so far, with shared snippets for hybrid
- Enables building and running complete all-purecap seL4 user-space

- Able to run complete purecap projects (sel4test and sel4bench)
- All C/C++ seL4 user libraries that sel4test and sel4bench are using are ported to purecap
- sel4test passes all tests in purecap

Is connection handle valid? Test SERSERV\_PARENT\_010 passed Starting test 93: SYNC001 Starting test 94: SYNC002 Starting test 95: SYNC003 Starting test 96: SYNC004 Starting test 97: THREADS0004 Starting test 98: THREADS0005 Starting test 99: TLS0001 Starting test 100: TLS0002 Starting test 101: TLS0006 Starting test 102: TRIVIAL0000 Starting test 103: TRIVIAL0001 Starting test 104: TRIVIAL0002 Starting test 105: VSPACE0000 Starting test 106: VSPACE0001 Starting test 107: VSPACE0002 Starting test 108: VSPACE0003 Starting test 109: VSPACE0004 Starting test 110: VSPACE0005 Starting test 111: VSPACE0006 Starting test 113: Test all tests ran Test suite passed. 113 tests passed. 56 tests disabled. All is well in the CHERI-seL4 universe



Userspace

Firmware

Kernel

### CHERI-seL4 – Remaining work





## **CHERI-seL4 – Future work**

- Hypervisor support
- MCS and SMP support
- CHERI's temporal safety
- Software Compartmentalisation (e.g., to automatically sandbox third-party libraries)
- Port other C/C++ projects to CHERI-seL4 (e.g., Microkit, LionsOS, Unikernels)
- Lots of other R&D project ideas



#### Conclusions

CHERI-seL4 is aiming to combine both seL4 and CHERI technologies to enhance the overall security

Good progress on CHERI-seL4 shows it is feasible and opens lots of future potentials

Still work-in-progress. We would love to get your input. Help us make this the most useful for the seL4 **and** CHERI communities



### Acknowledgment



- Thanks to the CHERI group and David Chisnall for permitting usage of some of their slides
- We also thank TrustedST, MCA, Sid Agrawal, Codasip, and seL4 foundation for the discussions and collaboration on this work so far.





#### heshamalmatary@capabilitieslimited.co.uk



#### Resources

- Watson, Robert NM, et al. Capability hardware enhanced RISC instructions: CHERI instruction-set architecture (version 9). No. UCAM-CL-TR-987. University of Cambridge, Computer Laboratory, 2023.
- Almatary, Hesham, et al. "CompartOS: CHERI compartmentalization for embedded systems." arXiv preprint arXiv:2206.02852 (2022).
- Almatary, Hesham. CHERI compartmentalisation for embedded systems. Diss. 2022.
- Almatary, Hesham, Alfredo Mazzinghi, and Robert NM Watson. "Case Study: Securing MMU-less Linux Using CHERI." SE 2024-Companion. Gesellschaft für Informatik eV, 2024.
- CHERI Website: <a href="https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/">https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/</a>



### Why not just use Rust userspace on seL4

- Unsafe pointers
- Toolchain supply chain
- No dynamic software compartmentalisation that defends against unknown zeroday vulnerabilities.
- Maintenance and cost overhead to re-write existing C/C++ applications in Rust
- Re-writing codebase in Rust could introduce new bugs
- Re-writing third-party libraries (eg crypto) in Rust is hard
- Cannot compartmentalise existing C/C++ libraries automatically like with CHERI
- Learning overhead for developers because Rust is relatively new
- Ideally port Rust to run on CHERI
- CHERI Myths: I don't need CHERI if I have safe languages



### **CHERI-seL4: Current progress in a figure**



